Allow custom SSL ports
Hello there,
I am running ISA Server 2004 Standard Edition as a web proxy. Recently a user had to access a site via SSL, but on port 10000.
Here's what the browser returned:
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: x.x.x.x
Date: 11/30/2007 9:58:59 AM
Server: x.x.x
Source: proxy
Is there a way to allow SSL to go through custom port 10000?
Thanks in advance.
I am running ISA Server 2004 Standard Edition as a web proxy. Recently a user had to access a site via SSL, but on port 10000.
Here's what the browser returned:
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: x.x.x.x
Date: 11/30/2007 9:58:59 AM
Server: x.x.x
Source: proxy
Is there a way to allow SSL to go through custom port 10000?
Thanks in advance.
ASKER
Keith,
Thanks a lot again for your comments. Was there any link in your reply? I couldn't find any. Would you be so kind to re-post the URLs?
Thanks in advance.
Thanks a lot again for your comments. Was there any link in your reply? I couldn't find any. Would you be so kind to re-post the URLs?
Thanks in advance.
lol - so sorry.....
http://www.isatools.org/tools.asp?Context=ISA2004
Remember, use the tool, NOT the ISATpre
http://www.isatools.org/tools.asp?Context=ISA2004
Remember, use the tool, NOT the ISATpre
ASKER
OK, I ran the script on the ISA server as follows:
cscript isa_tpr.js /add port10000 10000
I restarted the firewall service and now the error message I'm getting is:
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The host server is unreachable. (10065)
IP Address: X.X.X.X
Date: 12/3/2007 12:03:58 PM
Server: X.X.X
Source: proxy
The server we're trying to access is the web server, where our site is hosted and it works. Port 10000 is to access the webstats.
Any ideas?
cscript isa_tpr.js /add port10000 10000
I restarted the firewall service and now the error message I'm getting is:
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The host server is unreachable. (10065)
IP Address: X.X.X.X
Date: 12/3/2007 12:03:58 PM
Server: X.X.X
Source: proxy
The server we're trying to access is the web server, where our site is hosted and it works. Port 10000 is to access the webstats.
Any ideas?
OK - the 10065 message is saying that there is no route to the destination but the traffic would be allowed otherwise.
Check your LAT table (configuration - networks - internal - properties -addressing etc)
Can you do a tracert to the site OK?
Check your LAT table (configuration - networks - internal - properties -addressing etc)
Can you do a tracert to the site OK?
ASKER
Hi Keith,
Yes, I can do a tracert to the site, both from a client computer as well as from the ISA server machine itself.
What exactly should I check in the LAT table?
Yes, I can do a tracert to the site, both from a client computer as well as from the ISA server machine itself.
What exactly should I check in the LAT table?
What IP addresses are listed?
ASKER
The IP address range of our private network, 10.0.0.0 - 10.0.0.254
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Keith,
I'll be gone for 2 weeks, therefore I won't be able to try it. I'm awarding you with the points because it seems that the site we were trying to access has been down, the ISA configuration for port 10000 was OK.
Thanks again.
I'll be gone for 2 weeks, therefore I won't be able to try it. I'm awarding you with the points because it seems that the site we were trying to access has been down, the ISA configuration for port 10000 was OK.
Thanks again.
Download this vbs script - courtesy Jim Harrison and put in a range from 10000 - 10000
Use the ISA Tunnel Port Tool - not the ISATPRE
Read the guide though :) - works perfectly everytime.
Keith