Discussion about SSL Tunnel Port Range Article (Full Version)

All Forums >> [ISA Server 2004 Cache] >> General



Message


tshinder -> Discussion about SSL Tunnel Port Range Article (29.Nov.2004 5:38:00 AM)

This thread is for discussing the article on extending the ISA firewall's SSL tunnel port range over at http://isaserver.org/articles/2004tunnelportrange.html

Thanks!
Tom

[ November 29, 2004, 07:05 AM: Message edited by: tshinder ]




Ara.A -> RE: Discussion about SSL Tunnel Port Range Article (29.Nov.2004 5:57:00 AM)

Thank you [Big Grin]
by the way, what is XXX for? [Big Grin] [Wink]

[ November 29, 2004, 05:58 AM: Message edited by: Ara ]




tshinder -> RE: Discussion about SSL Tunnel Port Range Article (29.Nov.2004 7:06:00 AM)

Hi Ara,

It was just a placeholder. Fixed now.

Thanks!
Tom




tinto -> RE: Discussion about SSL Tunnel Port Range Article (30.Nov.2004 3:59:00 PM)

many thanks, I was finally able to add a port.
I had tried with isa_tpr.js /add....
but it did not work, while

cscript isa_..... worked fine!

What's the difference?




tinto -> RE: Discussion about SSL Tunnel Port Range Article (30.Nov.2004 4:18:00 PM)

there is a little thing unclear to me

"Note that if you have unbound the Web Proxy filter from the HTTP protocol"

I've understand -I think_ what's the meaning of this but I don't know what is the way to "unbound the WPfilter from HTTP"
[Cool]




jneumann -> RE: Discussion about SSL Tunnel Port Range Article (3.Dec.2004 8:19:00 AM)

Thanks for this great information. We have an actual problem. We need to forward https request to an upstream Proxy on a different port (e.g. 1234).
I configured the second possible port for SSL connections, but how to configure that all request leave at the new port 1234 instead of 1234?




jrod212 -> RE: Discussion about SSL Tunnel Port Range Article (17.Dec.2004 8:35:00 PM)

The isatools.org site isn't available, therefore these scripts are not available. What happened? Is there somewhere else I could get them from?




zeograz -> RE: Discussion about SSL Tunnel Port Range Article (20.Dec.2004 7:53:00 PM)

Does this also apply to a website address that uses non-standard ports in the URL and regular http (not https)?

I am getting blank pages when I try to access these types of URLS (see example below). The page below is the page that I am trying to go to...it is linked to when you click submit on another page.

http://egvsys.miamidade.gov:1608/wwwserv/ggvt/txcaw01.dia?folio=3050190130410




tshinder -> RE: Discussion about SSL Tunnel Port Range Article (23.Dec.2004 11:25:00 AM)

quote:
Originally posted by Tinto:
there is a little thing unclear to me

"Note that if you have unbound the Web Proxy filter from the HTTP protocol"

I've understand -I think_ what's the meaning of this but I don't know what is the way to "unbound the WPfilter from HTTP"
[Cool]

Hi Tinto,

If you look at the properties of the HTTP protocol definition, you'll see that the Web Proxy filter is associated with it. If you uncheck that checkbox, you unbind the Web Proxy filter from the protocol.

HTH,
Tom




tshinder -> RE: Discussion about SSL Tunnel Port Range Article (23.Dec.2004 11:25:00 AM)

quote:
Originally posted by Arminius:
Thanks for this great information. We have an actual problem. We need to forward https request to an upstream Proxy on a different port (e.g. 1234).
I configured the second possible port for SSL connections, but how to configure that all request leave at the new port 1234 instead of 1234?

Hi Arminius,

This configuration requires Web Proxy chaining.

HTH,
Tom




tshinder -> RE: Discussion about SSL Tunnel Port Range Article (23.Dec.2004 11:26:00 AM)

quote:
Originally posted by jrod212:
The isatools.org site isn't available, therefore these scripts are not available. What happened? Is there somewhere else I could get them from?

Hi J,

Should be up now.

HTH,
Tom




tshinder -> RE: Discussion about SSL Tunnel Port Range Article (23.Dec.2004 11:26:00 AM)

quote:
Originally posted by zeograz:
Does this also apply to a website address that uses non-standard ports in the URL and regular http (not https)?

I am getting blank pages when I try to access these types of URLS (see example below). The page below is the page that I am trying to go to...it is linked to when you click submit on another page.

http://egvsys.miamidade.gov:1608/wwwserv/ggvt/txcaw01.dia?folio=3050190130410

Hi Zeo,

No problem with alternate ports for HTTP. I got there just fine.

HTH,
Tom




Guest -> RE: Discussion about SSL Tunnel Port Range Article (26.Jan.2005 9:17:00 PM)

Can you just change the high port value to 444 (for example) in the SSL entry if port 444 is to be added to the SSL range?




tshinder -> RE: Discussion about SSL Tunnel Port Range Article (28.Jan.2005 2:56:00 AM)

Hi BW,

Sure, you can make a range of one port.

HTH,
Tom




hardmandez -> RE: Discussion about SSL Tunnel Port Range Article (21.Feb.2005 12:23:00 PM)

Hi,

I have tried both opening a port and and using the script and and enabling the web proxy filter but I still can not connect to the HTTPS site. I can not even see any connection being initiated inusing either of the methods I do get a SSL Tunnel Failed. Attempt Allow HTTP/HTTPS requests from ISA Server to selected servers for connectivity verifiers.

Any ideas??

Many thanks

HDZ




wodger -> RE: Discussion about SSL Tunnel Port Range Article (22.Feb.2005 10:26:00 AM)

Have you restarted the ISA Control Service?




Robertb68 -> RE: Discussion about SSL Tunnel Port Range Article (26.Apr.2005 7:43:00 PM)

Is this 2004 specific or can I do this with 2000 as well. I have to get to a site with an SSL port of 4443. Thanks




wayneoakley99 -> RE: Discussion about SSL Tunnel Port Range Article (10.May2005 3:09:00 AM)

guess i am a little thick tonight

used the gui app on isa 2004 and it shows the port i added (8050) (thanks for the app).

but, now what, i really can't figure out what comes next in allowing the use of http://xxx.com:8050 it just gets the proxy error.

the client is configured to use port 8080 on the proxy setting

thanks

wayne




gavsta -> RE: Discussion about SSL Tunnel Port Range Article (6.Jun.2005 6:34:00 AM)

I've been trying to download the files listed in this article all morning and have been unable to.

is the isatools.org site down? can anyone help me get the files?

i'm trying to solve a problem where users are trying to access https on french sites which is posing big problems for our finances and want to increase the ssl port range.

any help appreciated.




bkhorsa -> RE: Discussion about SSL Tunnel Port Range Article (8.Jun.2005 4:41:00 PM)

Tom;
Your articles have been truly informative. Can you provide some quick feedback on this scenario please:

The internal network has three VLANs courtesy of a Layer 3 switch. The ISA 2004 Firewall is configured with two NICs. Despite entering the addresses of all three VLANs in my Internal network definition, only the firewall clients in the same VLAN as the ISA Server can access the external FTP servers.

Do I need to have four (4) NICs corresponding to the three internal networks and the one external network to make this configuration work? or is there a simpler approach?

Thanks for your guidance.




Page: [1] 2 3   next >   >>