• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Really weird IPSec problem with surfing to a web site

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Web Proxy] >> General >> Really weird IPSec problem with surfing to a web site Page: [1]
Login
Message << Older Topic   Newer Topic >>
Really weird IPSec problem with surfing to a web site - 6.Nov.2008 10:51:14 AM   
RAJP

 

Posts: 53
Joined: 11.Mar.2006
Status: offline
We have ISA 2006 installed in single NIC mode behind another firewall. It uses integrated authentication to allow our clients to surf the 'net.

When we go to www.bissell.com via HTTP (the vacuum cleaner company), our firewall drops an incoming IKE (UDP 500) connection from www.bissell.com. Yes, the simple act of browsing to www.bissell.com automatically causes their web server to initiate a VPN connection back to us.

Their explanation is that they set up IPSec from the web server to their backend servers, a very common practice, and their web server is set up to "request secure communications." They said that if our clients and their server are both set up to "request secure communications", then the IKE connection occurs. ( Microsoft network client: Digitally sign communications (if server agrees) )

If I bypass our ISA proxy, then the automatic IKE connection attempt does not occur.

Sooo, it seems that ISA 2006 is embedding something in the HTTP request (and it is only an HTTP request from us) that is tripping something on their server. In all of the years that we've used ISA, this is the only web site that this has happened with.
 
That kind of tells me that they have something configured incorrectly, but it also tells me that we may have something configured incorrectly since bypassing ISA causes this behavior to stop.
 
If anyone can shed any light on what the heck is going on, I'd sure like to hear it.
 
Thanks,
 
Ray
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Web Proxy] >> General >> Really weird IPSec problem with surfing to a web site Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts