Posts: 21
Joined: 28.Mar.2003
From: Little Rock, Ark
Status: offline
Good day everyone. My question to you all relates to our ISA 2006 EE deployment scenario here. We have two arrays, one specifically for VPN, the other for Proxy. On the VPN array, users are able to connect and browse to both internal and external HTTP:// based web sites with no problems. Both VPN and Proxy arrays are load balanced, with the VIP on the VPN bound to the external interfaces. Unfortunately, any VPN connections on the VPN array to web sites that begin with or are redirected to an HTTPS:// site do not load at all. I have looked at all my rules pertaining to outbound traffic and have even tried adding an explicit rule that allows HTTP:// and HTTPS:// traffic going outbound. What is it that I am missing here or have not done properly? Of course, if the end users disable the default gateway option on their VPN connection on the client, everything works fine. And since I am not about to go down the path of split tunneling, that is not a viable option. Thanks in advance for any replies and suggestions.
Kevin D. Butler, MCP
University of Arkansas for Medical Sciences
IT Technical Security Department
4301 West Markham, Slot #802
Little Rock, Arkansas 72205
(501) 526-6391 Wk

“The limits of my language mean the limits of my world.”
„Die Grenzen meiner Sprache bedeuten die Grenzen meiner Welt.“
Ludwig Wittgenstein (1889-1951), Tractatus Logico-Philosophicus (1922)
Posts: 42
Joined: 18.Feb.2005
From: Detroit, USA
Status: offline
How do you have your VPN users' IP addresses set up? Are they being assigned an IP address via your LAN DHCP server, or are you manually assigning them an IP address?
Posts: 21
Joined: 28.Mar.2003
From: Little Rock, Ark
Status: offline
Currently, we have a static pool of IP addresses assigned to each connecting VPN client. DNS and WINS information is automatically pulled from our DHCP server. Since the IP ranges for VPN (currently 2 subnets) are isolated to themselves, I have entertained creating a DHCP scope to dynamically assign IP addresses out. Another reason for the static pool is that we have some legacy apps that require a handful of VPN users to have statically assigned IP addresses via their domain account. If assigning IPs via DHCP versus a static pool is recommended, will that address my problem of clients being able to resolve any HTTPS:// sites whilst connected to the VPN array?