• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SSL-Tunnel blocked?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> SSL-Tunnel blocked? Page: [1]
Login
Message << Older Topic   Newer Topic >>
SSL-Tunnel blocked? - 12.Feb.2008 1:42:36 PM   
HendersonD

 

Posts: 24
Joined: 15.Oct.2007
Status: offline
Within the Microsoft Office products, there are occasions when content from the internet needs to be accessed. For example, to get clip art, design templates, or help. When we try to pull design templates from the net into Powerpoint, ISA blocks the request, the output is shown below. I am guessing that since ISA cannot look at the traffic inside the SSL tunnel, it errors on the safe side and blocks this traffic. Is there any way to allow this on my ISA server?

The other thing that is a bit confusing is my web access rule allows HTTP, HTTPs, and FTP. What is the difference between allowing HTTPs traffic and denying SSL-Tunnel?

One more piece of possibly relevant information, we are running in one nic mode and just using ISA for web proxy. This will be changed in about a month as we put ISA inline and use all of its capabilities.

Failed Connection Attempt
WINISA01 2/12/2008 1:22:28 PM
Log type: Web Proxy (Forward)
Status: 995 The I/O operation has been aborted because of either a thread exit or an application request.
Rule: WebTraffic Out
Source: Internal (10.121.90.14)
Destination: External (131.107.115.40:443)
Request: mpa.one.microsoft.com:443
Filter information: Req ID: 0c762fb6; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: SSL-tunnel
User: VCS\HendersonD

< Message edited by HendersonD -- 12.Feb.2008 1:51:36 PM >
Post #: 1
RE: SSL-Tunnel blocked? - 15.Feb.2008 1:31:50 PM   
randy_ray

 

Posts: 59
Joined: 7.Sep.2002
From: Houston, TX
Status: offline
I'm experiencing this same problem but have ISA2004 installed as the edge firewall with two nics.  Clients can either be SNAT or proxy but most have proxy configured in browser.  The clients presently affected by the 995 error are connecting to Citrix based vpn over SSL.  They connect but after 5 minutes they receive an error indicating their Internet connection has been interrupted.

(in reply to HendersonD)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> SSL-Tunnel blocked? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts