• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2000 and HTTPS problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> ISA 2000 and HTTPS problem Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 2000 and HTTPS problem - 10.Aug.2004 9:58:00 PM   
tim724342

 

Posts: 8
Joined: 4.Aug.2004
Status: offline
I have a ISA 2000 SP2 and Feature Pack 1 server running on windows 2003 server (member server). It is a brand new install, and everything is in its default state except the following.

A) Assigned an inbound web listner and SSL enabled it (port 80 and 443)

B) Assigned an outbound web listner on port 8080 and SSL enabled it to 8443.

C) I created a Protocol rule to allow all outbound traffic.

D) Obviously, ISA install created a default allow all Site and Content rule.

E) I enabled IP packet filtering, IP routing, Intrusion detection, Fragmented packet filtering and PPTP.

F) Created a Server Publishing rule. Mapped an internal IP to the external NIC's IP and added HTTPS server protocol from the defination.

G) Diabled the HTTP redirector

H) Installed certificate on the IIS server and enabled SSL.

The server is a secureNAT client. I am using my windows XP machine, which is also a SecureNAT client, to access the https://page.mycompany.com from behind the ISA. But I couldn't access the site. IE stays there for a while and says "DNS error or server can't be found". Only this HTTPS site gives me this trouble. Other HTTP and HTTPS traffics flows in and out normally. Particularly, incoming https requests for this site from the internet are fine. It's just I am having trouble if I access it from the intranet.

However, if I set my browser to use the proxy client at ISAserver 8080, I can access the page without any trouble at all.

Shouldn't SecureNAT clients bypass the HTTP redirector and webproxy?

DNS,DHCP, etc servers are fine. Webserver and ISA can be pinged both ways.

Any idea? Thanks for your help in advance

[ August 10, 2004, 10:03 PM: Message edited by: timA ]
Post #: 1
RE: ISA 2000 and HTTPS problem - 11.Aug.2004 9:50:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi timA,

you should *never* access from internal the published instance of an internal resource. Internal resources should always be access directly from internal hosts.

So, the bottom line is: never loopback through the ISA external interface. For more info, check out http://www.isaserver.org/articles/14120_Errors_Discussion_and_Solution.html .

HTH,
Stefaan

(in reply to tim724342)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> ISA 2000 and HTTPS problem Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts