ISA 2004 Secure Bridging Mode not working

Posted on 2007-10-16
Medium Priority
Last Modified: 2011-08-18
I have followed the following guides both diligently twice over but still can't get the Bridging mode "Secure connection to clients and mail server" to work:
-Publishing OWA Sites using ISA Firewall Web Publishing Rules (2004) Version 1.1 - Thomas Shinder
-Step-by-step Guide to Deploying Microsoft Exchange Server 2003 SP2 Mobile messaging with Windows Mobile 5.0-based Devices.

If I use the Bridging mode, "Standard connections only", it works with HTTPS (SSL) but not with the Secure connection to clients and mail server.

From ISA and on the internal network, there is no problem. My problem is trying to access the OWA site externally from the internet. I can access via HTTPS only when my Bridging mode is set to Standard connections only on the ISA 2004. If I put it to the Secure connection to clients and mail server mode as suggested by the 2 guides above, I get the following error:
Error Code: 408. The operation timed out. The remote server did not respond within the set time allowed. The server might be unavailable at this time. Try again later or contact the server administrator. (12002)
Some things to note:
-My Cisco Pix is configured to forward all https traffic to my ISA 2004 server.
-Any traffic from the internal interface of Cisco Pix is allowed to go out.
-I am a newbie at configuring OWA and OMA and this is my test lab which is not working currently

Any help appreciated.

Question by:fiji_islander

Expert Comment

by:Keith Alabaster
ID: 20084650
How have you installed the certificates on the OWA/OMA server and on the ISA server?
What service pack of ISA are you using?

Author Comment

ID: 20087825
Yes, I have installed the certificates on the OWA/OMA front end server and the ISA server as suggested in the guides. I can even do an HTTPS connection to it from the ISA Server (in a workgroup), from the domain controller (internal LAN) or from outside (external) only if the Bridging mode is standard connections.

If the bridging mode is secure connections, the only HTTPS connections that work are from the ISA server and DC and not from the external outside connections.

Accepted Solution

fiji_islander earned 0 total points
ID: 20100034
Ok, problem solved today.

Apparently, since my test lab had the ISA 2004 in a workgroup as suggested by the MS step-by-step guide, the SSL connection was broken because there was no default gateway on my Front-End OWA Exchange server, which was in a test domain. Once the default gateway was put in, it worked like a beauty!

Funny the MS guide forgot to mention pointing the default gateway to the ISA 2004. They only mentioned creating a host file for the ISA 2004 to contact the front-end server but never mentioned that the front-end server should have a default gateway pointing back to ISA 2004 since the ISA is not in the domain.

Expert Comment

by:Keith Alabaster
ID: 20103019
To be honest, they shouldn't have to. The default gateway entries are standard networking requirements for the base operating system; they would be nothing to do with the fact that Exchange is being used. The inclusion of a domain or workgroup is also not relevant to a default gateway setting - the only reference one would expect to be covered is that the ISA server only has one default gateway and that has to be on the external NIC; the internal NIC must not have a default gateway entered, just a route statement.
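
The two gateway rules stated in the answers above can be checked against `ipconfig`-style output. This is an added example, not part of the thread or the Microsoft guides; the function names, adapter names and lab addresses are assumptions, and the sample output is constructed.

```python
import re

ADAPTER = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD = re.compile(r"^\s+(IP(?:v4)? Address|Default Gateway)[ .]*:\s*(\S*)")

def fake_ipconfig(*nics):
    """Constructed ipconfig-style text from (adapter, ip, gateway) tuples."""
    out = ["Windows IP Configuration", ""]
    for name, ip, gw in nics:
        out += [f"Ethernet adapter {name}:", "",
                f"   IP Address. . . . . . . . . . . . : {ip}",
                "   Subnet Mask . . . . . . . . . . . : 255.255.255.0",
                f"   Default Gateway . . . . . . . . . : {gw}", ""]
    return "\n".join(out)

def parse_ipconfig(text):
    """Return {adapter: {"ip": ..., "gateway": ...}}; a blank gateway becomes None."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {"ip": None, "gateway": None})
        elif current is not None and (m := FIELD.match(line)):
            key = "gateway" if m.group(1) == "Default Gateway" else "ip"
            current[key] = m.group(2) or None
    return adapters

def check_isa(adapters, external):
    """ISA rule from the thread: one default gateway, on the external NIC only."""
    with_gw = sorted(n for n, a in adapters.items() if a["gateway"])
    if with_gw == [external]:
        return []
    return [f"default gateway set on {with_gw}; expected only on ['{external}']"]

def check_front_end(adapters, isa_internal_ip):
    """Front-end rule from the thread: default gateway points back at ISA."""
    gws = [a["gateway"] for a in adapters.values() if a["gateway"]]
    if not gws:
        return ["no default gateway configured"]
    if isa_internal_ip not in gws:
        return [f"default gateway {gws} is not the ISA internal address"]
    return []

if __name__ == "__main__":
    # Constructed lab addresses (192.0.2.0/24 is a documentation range).
    isa = parse_ipconfig(fake_ipconfig(("External", "192.0.2.10", "192.0.2.1"),
                                       ("Internal", "10.0.0.1", "10.0.0.254")))
    fe = parse_ipconfig(fake_ipconfig(("LAN", "10.0.0.20", "")))
    print("ISA:", check_isa(isa, "External"))
    print("Front-end:", check_front_end(fe, "10.0.0.1"))
```

To use it on a real host, pass the saved text of `ipconfig` to `parse_ipconfig` instead of the constructed sample.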


Expert Comment

ID: 20334033
Closed, 500 points refunded.
Community Support Moderator
