Allow custom SSL ports

Hello there,

I am running ISA Server 2004 Standard Edition as a web proxy. Recently a user had to access a site via SSL, but on port 10000.
Here's what the browser returned:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: x.x.x.x
Date: 11/30/2007 9:58:59 AM
Server: x.x.x
Source: proxy  

Is there a way to allow SSL to go through custom port 10000?

Thanks in advance.
ntossiouAsked:
Who is Participating?
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
Just as an aside, it should be 10.0.0.0 - 10.0.0.255 - the broadcast address is also internal and therefore needs to be included.

try running the BPZ - you need .net 1.1 installed to run this.
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en


0
 
Keith AlabasterEnterprise ArchitectCommented:
A few products are like this - as I recall Sidewinder, requires port 10000 on SSL.

Download this vbs script - courtesy Jim Harrison and put in a range from 10000 - 10000

Use the ISA Tunnel Port Tool - not the ISATPRE

Read the guide though :) - works perfectly everytime.

Keith
0
 
ntossiouAuthor Commented:
Keith,

Thanks a lot again for your comments. Was there any link in your reply? I couldn't find any. Would you be so kind to re-post the URLs?
Thanks in advance.
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
Keith AlabasterEnterprise ArchitectCommented:
lol - so sorry.....

http://www.isatools.org/tools.asp?Context=ISA2004

Remember, use the tool, NOT the ISATpre
0
 
ntossiouAuthor Commented:
OK, I ran the script on the ISA server as follows:

cscript isa_tpr.js /add port10000 10000

I restarted the firewall service and now the error message I'm getting is:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The host server is unreachable. (10065)
IP Address: X.X.X.X
Date: 12/3/2007 12:03:58 PM
Server: X.X.X
Source: proxy  

The server we're trying to access is the web server, where our site is hosted and it works. Port 10000 is to access the webstats.
Any ideas?
0
 
Keith AlabasterEnterprise ArchitectCommented:
OK - the 10065 message is saying that there is no route to the destination but the traffic would be allowed otherwise.

Check your LAT table (configuration - networks - internal - properties -addressing etc)
Can you do a tracert to the site OK?
0
 
ntossiouAuthor Commented:
Hi Keith,

Yes, I can do a tracert to the site, both from a client computer as well as from the ISA server machine itself.
What exactly should I check in the LAT table?
0
 
Keith AlabasterEnterprise ArchitectCommented:
What IP addresses are listed?
0
 
ntossiouAuthor Commented:
The IP address range of our private network, 10.0.0.0 - 10.0.0.254
0
 
ntossiouAuthor Commented:
Keith,

I'll be gone for 2 weeks, therefore I won't be able to try it. I'm awarding you with the points because it seems that the site we were trying to access has been down, the ISA configuration for port 10000 was OK.
Thanks again.
0
All Courses

From novice to tech pro — start learning today.