OK, I have an issue with ISA 2006 and an internal web server on a non-standard port.
We have a web server with an OEM supplied application that runs a Tomcat web service and requires internal clients to connect via https and port 8443. This is all internal private IP addresses, and doesn't leave the local segment. Using the ISA2006 as a proxy server, (clients are config'd to use the proxy server via IE settings), attempting to go to this site yields an error message: Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
I tried a Firewall Policy rule to Allow Internal to Internal on all HTTP and HTTPS traffic, and a rule to Allow Selected Protocol (HTTPS) from All Netowrks to Internal. No effect.
I've read up on extending the tunnel range using the Tunnel Range Editor (http://forums.isaserver.org/m_2002068112/mpage_1/tm.htm) and have downloaded, installed and run the ISAtrpe GUI editor. I added a port range from 8443 to 8443 to the GUI interface, and it shows up. Have restarted the ISA service and even rebooted. I cannot get to the server via port 8443. If I check the box on the IE client "Bypass proxy server for local addresses", then I can get there. Obviously, I have a work arround, but, I'd like to understand what's configured wrong and if there's a configuration work arround instead.
Any help/insight would be greatly appreciated.
Windows Server 2003 SP2 ISA 2006 SP1 Single NIC - Edge mode Proxy and web cache only Private IP address range
From: New Jersey
You don't have a work-around, you have a proper, working solution. ISA generally is not used to access internal sites, so clicking the "Bypass Proxy for Internal Sites" is the correct thing to do. If you publish WPAD for auto-configuration, you can define a similar setting there and have it handed out to all workstations.