?
Solved

Allow custom SSL ports

Posted on 2007-11-30
10
Medium Priority
?
3,969 Views
Last Modified: 2012-06-27
Hello there,

I am running ISA Server 2004 Standard Edition as a web proxy. Recently a user had to access a site via SSL, but on port 10000.
Here's what the browser returned:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: x.x.x.x
Date: 11/30/2007 9:58:59 AM
Server: x.x.x
Source: proxy  

Is there a way to allow SSL to go through custom port 10000?

Thanks in advance.
0
Comment
Question by:ntossiou
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20383885
A few products are like this - as I recall Sidewinder, requires port 10000 on SSL.

Download this vbs script - courtesy Jim Harrison and put in a range from 10000 - 10000

Use the ISA Tunnel Port Tool - not the ISATPRE

Read the guide though :) - works perfectly everytime.

Keith
0
 

Author Comment

by:ntossiou
ID: 20385116
Keith,

Thanks a lot again for your comments. Was there any link in your reply? I couldn't find any. Would you be so kind to re-post the URLs?
Thanks in advance.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20385525
lol - so sorry.....

http://www.isatools.org/tools.asp?Context=ISA2004

Remember, use the tool, NOT the ISATpre
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 

Author Comment

by:ntossiou
ID: 20394907
OK, I ran the script on the ISA server as follows:

cscript isa_tpr.js /add port10000 10000

I restarted the firewall service and now the error message I'm getting is:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The host server is unreachable. (10065)
IP Address: X.X.X.X
Date: 12/3/2007 12:03:58 PM
Server: X.X.X
Source: proxy  

The server we're trying to access is the web server, where our site is hosted and it works. Port 10000 is to access the webstats.
Any ideas?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20395136
OK - the 10065 message is saying that there is no route to the destination but the traffic would be allowed otherwise.

Check your LAT table (configuration - networks - internal - properties -addressing etc)
Can you do a tracert to the site OK?
0
 

Author Comment

by:ntossiou
ID: 20395723
Hi Keith,

Yes, I can do a tracert to the site, both from a client computer as well as from the ISA server machine itself.
What exactly should I check in the LAT table?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20395741
What IP addresses are listed?
0
 

Author Comment

by:ntossiou
ID: 20395751
The IP address range of our private network, 10.0.0.0 - 10.0.0.254
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 20395771
Just as an aside, it should be 10.0.0.0 - 10.0.0.255 - the broadcast address is also internal and therefore needs to be included.

try running the BPZ - you need .net 1.1 installed to run this.
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en


0
 

Author Comment

by:ntossiou
ID: 20402488
Keith,

I'll be gone for 2 weeks, therefore I won't be able to try it. I'm awarding you with the points because it seems that the site we were trying to access has been down, the ISA configuration for port 10000 was OK.
Thanks again.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month10 days, 14 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question