Proxy bypass for SSL-Tunnel

Proxy bypass for SSL-Tunnel (Full Version)

All Forums >> [ISA 2006 Web Proxy] >> General

Message

HendersonD -> Proxy bypass for SSL-Tunnel (25.Jun.2008 3:36:14 PM)
I have users that login to a particular web application that is not playing well with ISA. I want to be able to bypass the proxy for the particular site. When I watch the traffic pass through ISA it is going to: http://iepdirect.edutech.org:443 It shows this as an SSL tunnel. Even when I include this site in the list of sites to bypass with the proxy, the traffic still goes through ISA. Any ideas on how I can bypass this site through ISA?

pwindell -> RE: Proxy bypass for SSL-Tunnel (25.Jun.2008 5:15:57 PM)
You can't bypass the ISA if the ISA is physically in the way. When the ISA is physically in the way you will always go through the ISA which is the way it is supposed to be. However what you can do is alter what type of Client you operate as while you are going through the ISA. Have the Firewall Client installed on the Client. Disable the proxy settings in the Browser. Try again,..what happens?

HendersonD -> RE: Proxy bypass for SSL-Tunnel (26.Jun.2008 3:57:15 PM)
This is a single nic ISA server so I am only using it as a web proxy so it is not physically in the way. The only traffic passing through it is http, https, and ftp traffic from web browsers. I have put several sites in the bypass proxy list and it works fine. When I monitor traffic in ISA from a client to these sites, none of the traffic passes through ISA. The problem becomes the particular site I am trying to bypass the proxy simply will not do it. The site is listed in my first post and the traffic shows in the ISA monitor as an SSL-Tunnel

pwindell -> RE: Proxy bypass for SSL-Tunnel (26.Jun.2008 5:13:10 PM)
Did you set these sites to bypass in the local browser or in the Web Browser config in the ISA MMC? If you haven't done it, clean out the settings in the local browser and add them in at the ISA. MMC-->Configuration--->Networks--->Networks Tab--->Properties--->Web Browser Tab. Check all three checkboxes,..add the Domains to the Direct Access Box,...check the last checkbox and set Direct Access. Be sure not to enter them as URLs,..they need to be ServerName.DomainName.tld,...or I believe you can use IP#s or IP Ranges. Here's a link to an article on ths site for doing this: Configuring Sites for Direct Access: Part 1 – Configuring Direct Access for Web Proxy Connections http://www.isaserver.org/articles/2004directaccessp1.html

HendersonD -> RE: Proxy bypass for SSL-Tunnel (1.Jul.2008 1:22:02 PM)
I did have the site listed in web browser tab but it still would not bypass. I did not have the "Directly access computers specified in the address tab checked". As soon as I checked this, the bypass worked. The site I had listed did end up being in the range of addresses specified in the address tab. It still is a bit puzzling since just having the site name listed in the web browser tab should have worked. Once that check box was checked and the IP address associated with this site was also bypassed, the bypass truly worked. I am thankful that it is now working correclty. Thanks for your help

Page: [1]