• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SSL tunneling with ISA 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> SSL tunneling with ISA 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
SSL tunneling with ISA 2006 - 29.Nov.2007 11:56:36 PM   
SpeedMaster

 

Posts: 15
Joined: 12.Feb.2007
Status: offline
Hi! I'm wondering if it is possible. When I publish a secure web site with ISA 2004 I have a choice of SSL bridging and SSL tunneling. ISA 2006 does not have an option "Publish secure website", instead I can configure an SSL listener and make the website secure by using SSL. But here I have only a choice of a chain client-to-ISA-to-IIS that can be HTTP-HTTP, HTTP-SSL, SSL-HTTP and SSL-SSL. Do I really cannot make a tunnel when a client certificate provided by the client is passed directly to IIS so IIS can determine a domain username, to which this certificate is mapped. Right now ISA does identify the domain user, but I cannot pass the certificate further to IIS. Please, help!
Thank you!
Post #: 1
RE: SSL tunneling with ISA 2006 - 30.Nov.2007 4:23:07 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
To do SSL tunnelling, you will need to use server publishing as opposed to web publishing. Use the HTTPS Server protocol in the server publishing rule.

However, ISA then becomes a simple port mapping device and you lose a lot of the benefits of ISA Server web publishing, so this is not ideal.

You should be able to use ISA web publishing even with your scenario, but you will need to look at Kerberos Constrained Delegation (KCD) to allow for client certificate delegation. Have a look here: http://www.microsoft.com/technet/isa/2006/kcd.mspx

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to SpeedMaster)
Post #: 2
RE: SSL tunneling with ISA 2006 - 30.Nov.2007 9:33:32 AM   
SpeedMaster

 

Posts: 15
Joined: 12.Feb.2007
Status: offline
Thank you a lot, I'll study the article. Looks nice!

(in reply to Jason Jones)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> SSL tunneling with ISA 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts