ISA 2004 Secure Bridging Mode not working

Posted on 2007-10-16
Last Modified: 2011-08-18
I have followed the following guides both diligently twice over but still can't get the Bridging mode "Secure connection to clients and mail server" to work:
-Publishing OWA Sites using ISA Firewall Web Publishing Rules (2004) Version 1.1 - Thomas Shinder
-Step-by-step Guide to Deploying Microsoft Exchange Server 2003 SP2 Mobile messaging with Windows Mobile 5.0-based Devices.

If I use the Bridging mode, "Standard connections only", it works with HTTPS (SSL) but not with the Secure connection to clients and mail server.

From ISA and on the internal network, there is no problem. My problem is trying to access the OWA site externally from the internet. I can access via HTTPS only when my Bridging mode is set to Standard connections only on the ISA 2004. If I put it to the Secure connection to clients and mail server mode as suggested by the 2 guides above, I get the following error:
Error Code: 408. The operation timed out. The remote server did not respond within the set time allowed. The server might be unavailable at this time. Try again later or contact the server administrator. (12002)
Some things to note:
-My Cisco Pix is configured to forward all https traffic to my ISA 2004 server.
-Any traffic from the internal interface of Cisco Pix is allowed to go out.
-I am a newbie at configuring OWA and OMA and this is my test lab which is not working currently.

Any help appreciated.

Question by:fiji_islander
    LVL 51

    Expert Comment

    by:Keith Alabaster
    How have you installed the certificates on the OWA/OMA server and on the ISA server?
    What service pack of ISA are you using?
    LVL 3

    Author Comment

    Yes, I have installed the certificates on the OWA/OMA front end server and the ISA server as suggested in the guides. I can even do an HTTPS connection to it from the ISA Server (in a workgroup), from the domain controller (internal LAN) or from outside (external) only if the Bridging mode is standard connections.

    If the bridging mode is secure connections, the only HTTPS connections that work are from the ISA server and DC and not from the external outside connections.
    LVL 3

    Accepted Solution

    Ok, problem solved today.

    Apparently, since my test lab had the ISA 2004 in a workgroup as suggested by the MS step-by-step guide, the SSL connection was broken because there was no default gateway on my Front-End OWA Exchange server, which was in a test domain. Once the default gateway was put in, it worked like a beauty!

    Funny the MS guide forgot to mention pointing the default gateway to the ISA 2004. They only mentioned creating a host file for the ISA 2004 to contact the front-end server but never mentioned that the front-end server should have a default gateway pointing back to ISA 2004 since the ISA is not in the domain.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    To be honest, they shouldn't have to. The default gateway entries are standard networking requirements for the base operating system; they have nothing to do with the fact that Exchange is being used. The inclusion of a domain or workgroup is also not relevant to a default gateway setting - the only reference one would expect to be covered is that the ISA server only has one default gateway and that has to be on the external NIC; the internal NIC must not have a default gateway entered, just a route statement.

    LVL 1

    Expert Comment

    Closed, 500 points refunded.
    Community Support Moderator
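
The two gateway conditions discussed in this thread (a front-end server with no default gateway, and an ISA server that should have exactly one) can be checked with a short script. This is an added example, not code posted by anyone in the thread; it assumes Windows PowerShell 2.0 or later on the server being checked, and the `-Role` parameter is a hypothetical name introduced here.

```powershell
# Added example (not from the thread). Run locally on the server being checked.
# -Role is a hypothetical parameter: 'FrontEnd' for the OWA/OMA server, 'ISA' for the firewall.
param(
    [ValidateSet('FrontEnd', 'ISA')]
    [string]$Role = 'FrontEnd'
)

# Only adapters with TCP/IP bound; DefaultIPGateway is $null when none is configured.
$adapters = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")
$withGateway = @($adapters | Where-Object { $_.DefaultIPGateway })

# Show what each adapter is actually configured with.
foreach ($a in $adapters) {
    $gw = if ($a.DefaultIPGateway) { $a.DefaultIPGateway -join ', ' } else { '(none)' }
    "{0}: IP {1}, default gateway {2}" -f $a.Description, ($a.IPAddress -join ', '), $gw
}

switch ($Role) {
    'FrontEnd' {
        # The condition from the accepted solution: no default gateway at all.
        if ($withGateway.Count -eq 0) {
            Write-Warning ("No adapter has a default gateway. Replies to addresses outside " +
                "the local subnet have no route unless a static route covers them.")
        } else {
            "OK: a default gateway is configured."
        }
    }
    'ISA' {
        # The rule from the expert comment: one default gateway only, on the external NIC.
        # This script counts gateways; it cannot tell which NIC is the external one.
        if ($withGateway.Count -ne 1) {
            Write-Warning ("{0} adapter(s) have a default gateway; expected exactly one, " +
                "on the external NIC, with route statements for internal networks." -f $withGateway.Count)
        } else {
            "OK: exactly one adapter has a default gateway: {0}" -f $withGateway[0].Description
        }
    }
}
```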
