Solved

Allow custom SSL ports

Posted on 2007-11-30
10
3,921 Views
Last Modified: 2012-06-27
Hello there,

I am running ISA Server 2004 Standard Edition as a web proxy. Recently a user had to access a site via SSL, but on port 10000.
Here's what the browser returned:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: x.x.x.x
Date: 11/30/2007 9:58:59 AM
Server: x.x.x
Source: proxy  

Is there a way to allow SSL to go through custom port 10000?

Thanks in advance.
0
Comment
Question by:ntossiou
  • 5
  • 5
10 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20383885
A few products are like this - as I recall Sidewinder, requires port 10000 on SSL.

Download this vbs script - courtesy Jim Harrison and put in a range from 10000 - 10000

Use the ISA Tunnel Port Tool - not the ISATPRE

Read the guide though :) - works perfectly everytime.

Keith
0
 

Author Comment

by:ntossiou
ID: 20385116
Keith,

Thanks a lot again for your comments. Was there any link in your reply? I couldn't find any. Would you be so kind to re-post the URLs?
Thanks in advance.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20385525
lol - so sorry.....

http://www.isatools.org/tools.asp?Context=ISA2004

Remember, use the tool, NOT the ISATpre
0
 

Author Comment

by:ntossiou
ID: 20394907
OK, I ran the script on the ISA server as follows:

cscript isa_tpr.js /add port10000 10000

I restarted the firewall service and now the error message I'm getting is:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The host server is unreachable. (10065)
IP Address: X.X.X.X
Date: 12/3/2007 12:03:58 PM
Server: X.X.X
Source: proxy  

The server we're trying to access is the web server, where our site is hosted and it works. Port 10000 is to access the webstats.
Any ideas?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20395136
OK - the 10065 message is saying that there is no route to the destination but the traffic would be allowed otherwise.

Check your LAT table (configuration - networks - internal - properties -addressing etc)
Can you do a tracert to the site OK?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:ntossiou
ID: 20395723
Hi Keith,

Yes, I can do a tracert to the site, both from a client computer as well as from the ISA server machine itself.
What exactly should I check in the LAT table?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20395741
What IP addresses are listed?
0
 

Author Comment

by:ntossiou
ID: 20395751
The IP address range of our private network, 10.0.0.0 - 10.0.0.254
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 20395771
Just as an aside, it should be 10.0.0.0 - 10.0.0.255 - the broadcast address is also internal and therefore needs to be included.

try running the BPZ - you need .net 1.1 installed to run this.
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en


0
 

Author Comment

by:ntossiou
ID: 20402488
Keith,

I'll be gone for 2 weeks, therefore I won't be able to try it. I'm awarding you with the points because it seems that the site we were trying to access has been down, the ISA configuration for port 10000 was OK.
Thanks again.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now