default rule blocking http and https

rwalle -> default rule blocking http and https (25.Jun.2008 4:28:18 PM)



Hello,


I have the following configuration:

In the DMZ of my firewall x I have an ISA 2006 server running. The ISA server is configured:

single network card

I made an OWA publishing rule and imported the certificate from the OWA server. The OWA server name is webmail.domain a.local, and it is on the trusted network of firewall x.

On the internet there is a DNS entry webmail.domain b.eu which is pointing to the sec IP address of firewall x, which hits the ISA server via NAT.

Because I am new to configuring ISA Server, I am not sure how I had to configure the certificate. I tried both names: webmail.domain a.local and webmail.domain b.eu.

On the ISA server I changed the hosts file to point to the IP address of the OWA server. DNS on the ISA server is configured to point to a DNS server on the trusted network of firewall x. I know the hosts file should take preference over the DNS server.

I am also not sure if this is the correct DNS configuration but it makes sense to me.

When I put in https://webmail.domain b.eu I can see on firewall x that NAT is taking place, and in the logging of the ISA server I can see incoming traffic.

In the same logging I can see that the connection is denied by the default rule, but when I look at the destination network this is empty. This looks strange to me.
Making an access rule (HTTP and HTTPS) from all networks to all networks does not work.

In my browser https://webmail.domain b.eu gives a warning about the certificate and afterwards the page cannot be displayed:
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)


If you can put me on the right track, thanks a lot in advance.

Regards,

Robbie




paulo.oliveira -> RE: default rule blocking http and https (25.Jun.2008 4:49:21 PM)

Hi Robbie,

Read this article, it may give you a clue: http://www.isaserver.org/articles/2004unihomedowapart1.html

Regards,
Paulo Oliveira.




rwalle -> RE: default rule blocking http and https (26.Jun.2008 8:21:40 AM)

Thanks,

I read the article and made the following adjustment.

The certificate is now from webmail.domain b.eu, according to the article.

And I made a new zone for domain b.eu on the internal DNS server.
And made an A record for webmail.domain b.eu pointing at the internal IP address. So for the internal clients it is OK.

I also imported the certificate again but still have the same problem.

Regards,

Robbie




paulo.oliveira -> RE: default rule blocking http and https (26.Jun.2008 10:50:51 AM)

Hi,

I'm almost sure the problem is on your DNS server. Did you set the correct IP address on your DNS? Check if you can resolve the name, not from the internal network.

Regards,
Paulo Oliveira.




rwalle -> RE: default rule blocking http and https (27.Jun.2008 6:40:32 AM)

It is working now!!!

From the article I tried to use the website publishing wizard: Publish web site instead of the publish Exchange web client access.

After I did this I saw a login screen appear from the ISA server. So I thought it was solved, but I wasn't able to log on. Looking at the event viewer on the ISA server I saw that I was trying to log on to the ISA server itself, with of course no luck. So I configured RADIUS and I was able to log on to the OWA server (this was visible in the event viewer of the OWA server), but afterwards there was an error in the browser.

So I thought to change the publish rule.
For "computer name or IP address (required if the internal site name is different or not resolvable)" I filled in: IP address of OWA server on the trusted network.

After that I was able to log in and see mail!
What I find strange is the paths:

I filled in /* here and this is working, but when I fill in /public/* and /exchange/* and /exchweb/* it is not working.

Robbie



