• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SSL Tunnel conection problems

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> SSL Tunnel conection problems Page: [1]
Login
Message << Older Topic   Newer Topic >>
SSL Tunnel conection problems - 22.Jul.2005 7:28:00 AM   
philcoo

 

Posts: 8
Joined: 22.Jul.2005
From: UK
Status: offline
Hi everyone, hope you can help a new ISA user.

One of our companies has decided to use ISA server as a web proxy. At the minute I'm testing several situations, including blocking streaming audio, blocking Kazaa and also blocking or allowing products such as MSN Messenger.

I've got one rule blocking protocols such as MMS, PNM and RTSP. My 2nd rule is for internet access and allows FTP, HTTP and HTTPS. If this is left on all content type MSN messenger works. When I change content type to block audio and video content I can no longer sign into messenger. When I run a query I get Denied Connection errors on Port 443 with the SSL-Tunnel protocol.

Can anyone help with this? If any more info is required please contact me,

Thanks,
Phil
Post #: 1
RE: SSL Tunnel conection problems - 22.Jul.2005 9:30:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Phil,

Since there is an SSL connection involved, the ISA firewall cannot evaluate the content type (since the ISA firewall can't do outbound SSL bridging) and errs on the side of security and blocks the connection.

HTH,
Tom

(in reply to philcoo)
Post #: 2
RE: SSL Tunnel conection problems - 22.Jul.2005 10:33:00 AM   
philcoo

 

Posts: 8
Joined: 22.Jul.2005
From: UK
Status: offline
So is the only way to get messenger to work to leave the rule on 'All Content'? Why is there a protocol for MSN Messenger in ISA 2004 if this won't work? Am I looking at things too simply??
I also tried added a seperate rule with just MSN Messenger as the protocol and still get the same error message.

(in reply to philcoo)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> SSL Tunnel conection problems Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts