Within the Microsoft Office products, there are occasions when content from the internet needs to be accessed. For example, to get clip art, design templates, or help. When we try to pull design templates from the net into Powerpoint, ISA blocks the request, the output is shown below. I am guessing that since ISA cannot look at the traffic inside the SSL tunnel, it errors on the safe side and blocks this traffic. Is there any way to allow this on my ISA server?
The other thing that is a bit confusing is my web access rule allows HTTP, HTTPs, and FTP. What is the difference between allowing HTTPs traffic and denying SSL-Tunnel?
One more piece of possibly relevant information, we are running in one nic mode and just using ISA for web proxy. This will be changed in about a month as we put ISA inline and use all of its capabilities.
Failed Connection Attempt WINISA01 2/12/2008 1:22:28 PM Log type: Web Proxy (Forward) Status: 995 The I/O operation has been aborted because of either a thread exit or an application request. Rule: WebTraffic Out Source: Internal (10.121.90.14) Destination: External (220.127.116.11:443) Request: mpa.one.microsoft.com:443 Filter information: Req ID: 0c762fb6; Compression: client=No, server=No, compress rate=0% decompress rate=0% Protocol: SSL-tunnel User: VCS\HendersonD
< Message edited by HendersonD -- 12.Feb.2008 1:51:36 PM >
I'm experiencing this same problem but have ISA2004 installed as the edge firewall with two nics. Clients can either be SNAT or proxy but most have proxy configured in browser. The clients presently affected by the 995 error are connecting to Citrix based vpn over SSL. They connect but after 5 minutes they receive an error indicating their Internet connection has been interrupted.