• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Allowing VPN Clients HTTPS Access through ISA 2006 NLB Array

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Allowing VPN Clients HTTPS Access through ISA 2006 NLB Array Page: [1]
Login
Message << Older Topic   Newer Topic >>
Allowing VPN Clients HTTPS Access through ISA 2006 NLB ... - 17.Apr.2008 2:34:25 PM   
ButlerKevinD

 

Posts: 21
Joined: 28.Mar.2003
From: Little Rock, Ark
Status: offline
Good day everyone. My question to you all relates to our ISA 2006 EE deployment scenario here. We have two arrays, one specifically for VPN, the other for Proxy. On the VPN array, users are able to connect and browse to both internal and external HTTP:// based web sites with no problems. Both VPN and Proxy arrays are load balanced, with the VIP on the VPN bound to the external interfaces.
Unfortunately, any VPN connections on the VPN array to web sites that begin with or redirected to an HTTPS:// site do not load at all. I have looked at all my rules pertaining to outbound traffic and have even tried adding an explicit rule that allows HTTP:// and HTTPS:// traffic going outbound. What is it that I am missing here or have not done properly?  Of course, if the end users disable the default gateway option on their VPN connection on the client, everything works fine. And since I am not about to go down the path of split tunneling, that is not an viable option.
Thanks in advance for any replies and suggestions.
 
Kevin D. Butler, MCP
University of Arkansas for Medical Sciences
IT Technical Security Department
4301 West Markham, Slot #802
Little Rock, Arkansas 72205
(501) 526-6391 Wk
“The limits of my language mean the limits of my world.”
„Die Grenzen meiner Sprache bedeuten die Grenzen meiner Welt.“

Ludwig Wittgenstein (1889-1951)
Tractatus Logico-Philosophicus (1922)
Post #: 1
RE: Allowing VPN Clients HTTPS Access through ISA 2006 ... - 19.Apr.2008 7:41:45 AM   
remdotc

 

Posts: 42
Joined: 18.Feb.2005
From: Detroit, USA
Status: offline
how do you have your vpn users ip addresses setup? Are they being assigned an ip address via your LAN DHCP server, or are you manually assigning them an ip address?

(in reply to ButlerKevinD)
Post #: 2
RE: Allowing VPN Clients HTTPS Access through ISA 2006 ... - 21.Apr.2008 6:18:22 PM   
ButlerKevinD

 

Posts: 21
Joined: 28.Mar.2003
From: Little Rock, Ark
Status: offline
Currently, we have a static pool of ip addresses assigned to each connecting vpn client. DNS and WINS information is automatically pulled from our DHCP server. Since the ip ranges for VPN (currently 2 subnets) is isolated to itself, I have entertained creating a DHCP scope to dynamically assign ip addresses out. Another reason for the static pool is that we have some legacy apps that require a handful of VPN users to have statically assigned ip addresses via their domain account. If assigning ip's via DHCP versus a static pool is recommended, will that address my problem of clients being able to resolve any HTTPS:// sites whilst connected to the VPN array?

(in reply to remdotc)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Allowing VPN Clients HTTPS Access through ISA 2006 NLB Array Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts