default rule blocking http and https

default rule blocking http and https - 25.Jun.2008 4:28:18 PM   
rwalle

 

Posts: 3
Joined: 25.Jun.2008
Status: offline


Hello,


Have the following configuration:

In the DMZ of my firewall x I have an ISA 2006 server running. The ISA server is configured:

single network card

I made an OWA publishing rule and imported the certificate from the OWA server. The OWA server name is webmail.domain a.local and it is on the trusted network of firewall x.

On the internet there is a DNS entry webmail.domain b.eu which is pointing to the sec IP address of firewall x, which hits the ISA server via NAT.

Because I am new to configuring ISA server I am not sure how I had to configure the certificate. I tried both names: webmail.domain a.local and webmail.domain b.eu.

On the ISA server I changed the hosts file to point to the IP address of the OWA server. DNS on the ISA server is configured to point to a DNS server on the trusted network of firewall x. I know the hosts file should take preference over the DNS server.

I am also not sure if this is the correct DNS configuration but it makes sense to me.

When I put https://webmail.domain b.eu I can see on firewall x that NAT is taking place, and in the logging of the ISA server I can see incoming traffic.

In the same logging I can see that the connection is denied by the default rule, but when I look at the destination network it is empty. This looks strange to me.
Making an access rule (HTTP and HTTPS) from all networks to all networks does not work.

In my browser https://webmail.domain b.eu gives a warning about the certificate and afterwards the page cannot be displayed:
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)


If you can put me on the right track, thanks a lot in advance.

Regards,

Robbie
Post #: 1
RE: default rule blocking http and https - 25.Jun.2008 4:49:21 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Robbie,

read this article, it may give you a clue: http://www.isaserver.org/articles/2004unihomedowapart1.html

Regards,
Paulo Oliveira.

(in reply to rwalle)
Post #: 2
RE: default rule blocking http and https - 26.Jun.2008 8:21:40 AM   
rwalle

 

Posts: 3
Joined: 25.Jun.2008
Status: offline
Thanks,

Read the article and made the following adjustment.

Certificate is now from webmail.domain b.eu according to the article

And I made a new zone for domain b.eu on the internal dns server.
And made an A record for webmail.domain b.eu pointing at the internal IP address. So for the internal clients it is OK.

I also imported the certificate again but still same problem.

Regards,

Robbie

(in reply to paulo.oliveira)
Post #: 3
RE: default rule blocking http and https - 26.Jun.2008 10:50:51 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

I'm almost sure the problem is on your DNS server. Did you set the correct IP address on your DNS? Check if you can resolve the name, not from the internal network.

Regards,
Paulo Oliveira.

(in reply to rwalle)
Post #: 4
RE: default rule blocking http and https - 27.Jun.2008 6:40:32 AM   
rwalle

 

Posts: 3
Joined: 25.Jun.2008
Status: offline
It is working now!!!

From the article I tried to use the website publishing wizard. Publish web site instead of the publish exchange web client access.

After I did this I saw a login screen appear from the ISA server. So I thought it was solved but I wasn't able to log on. Looking at the Event Viewer on the ISA server I saw that I was trying to log on to the ISA server itself, with of course no luck. So I configured RADIUS and I was able to log on to the OWA server (this was visible in the Event Viewer of the OWA server), but afterward there was an error in the browser.

So I thought to change the publish rule:
I filled in "computer name or IP address (required if the internal site name is different or not resolvable)" with the IP address of the OWA server on the trusted network.

After that I was able to log in and see mail!
What I find strange is the paths:

I filled in /* here and this is working, but when I fill in /public/* and /exchange/* and /exchweb/* it is not working.

Robbie

(in reply to paulo.oliveira)
Post #: 5
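
Added example (not part of the thread, and not ISA Server code): a simplified model of how a publishing rule's path list decides whether a request is published or falls through to the default rule, run against the two path lists from post #5. The prefix matching on a trailing `*` and the sample URLs under the placeholder host `webmail.example.test` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Path lists discussed in post #5.
WIDE = ["/*"]
NARROW = ["/public/*", "/exchange/*", "/exchweb/*"]

def path_matches(pattern: str, path: str) -> bool:
    """Assumed semantics: a trailing '*' means 'anything under this prefix';
    without it the path must match exactly. Comparison is case-insensitive."""
    pattern, path = pattern.lower(), path.lower()
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return path == pattern

def evaluate(rule_paths, url):
    """'publish' if the request path is covered by the rule; otherwise the
    request falls through to the deny-all default rule."""
    path = urlsplit(url).path or "/"
    covered = any(path_matches(p, path) for p in rule_paths)
    return "publish" if covered else "default-deny"

def fall_through(rule_paths, urls):
    """URLs a client would request that the rule's path list does not cover."""
    return [u for u in urls if evaluate(rule_paths, u) == "default-deny"]

# Constructed sample requests; the host name is a placeholder.
BASE = "https://webmail.example.test"
SAMPLE_REQUESTS = [
    BASE + "/",                      # what a user types: the site root
    BASE + "/exchange",              # no trailing slash
    BASE + "/exchange/",
    BASE + "/exchweb/img/logo.gif",
    BASE + "/public/",
]

if __name__ == "__main__":
    for name, paths in (("/* only", WIDE), ("three OWA paths", NARROW)):
        missed = fall_through(paths, SAMPLE_REQUESTS)
        print(name, "->", missed or "nothing falls through")
```

A check like this is useful before narrowing a rule from `/*` to specific paths: every request it lists as falling through would need its own path entry on the rule.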
