[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3984
  • Last Modified:

Allow custom SSL ports

Hello there,

I am running ISA Server 2004 Standard Edition as a web proxy. Recently a user had to access a site via SSL, but on port 10000.
Here's what the browser returned:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: x.x.x.x
Date: 11/30/2007 9:58:59 AM
Server: x.x.x
Source: proxy  

Is there a way to allow SSL to go through custom port 10000?

Thanks in advance.
0
ntossiou
Asked:
ntossiou
  • 5
  • 5
1 Solution
 
Keith AlabasterCommented:
A few products are like this - as I recall Sidewinder, requires port 10000 on SSL.

Download this vbs script - courtesy Jim Harrison and put in a range from 10000 - 10000

Use the ISA Tunnel Port Tool - not the ISATPRE

Read the guide though :) - works perfectly everytime.

Keith
0
 
ntossiouAuthor Commented:
Keith,

Thanks a lot again for your comments. Was there any link in your reply? I couldn't find any. Would you be so kind to re-post the URLs?
Thanks in advance.
0
 
Keith AlabasterCommented:
lol - so sorry.....

http://www.isatools.org/tools.asp?Context=ISA2004

Remember, use the tool, NOT the ISATpre
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
ntossiouAuthor Commented:
OK, I ran the script on the ISA server as follows:

cscript isa_tpr.js /add port10000 10000

I restarted the firewall service and now the error message I'm getting is:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The host server is unreachable. (10065)
IP Address: X.X.X.X
Date: 12/3/2007 12:03:58 PM
Server: X.X.X
Source: proxy  

The server we're trying to access is the web server, where our site is hosted and it works. Port 10000 is to access the webstats.
Any ideas?
0
 
Keith AlabasterCommented:
OK - the 10065 message is saying that there is no route to the destination but the traffic would be allowed otherwise.

Check your LAT table (configuration - networks - internal - properties -addressing etc)
Can you do a tracert to the site OK?
0
 
ntossiouAuthor Commented:
Hi Keith,

Yes, I can do a tracert to the site, both from a client computer as well as from the ISA server machine itself.
What exactly should I check in the LAT table?
0
 
Keith AlabasterCommented:
What IP addresses are listed?
0
 
ntossiouAuthor Commented:
The IP address range of our private network, 10.0.0.0 - 10.0.0.254
0
 
Keith AlabasterCommented:
Just as an aside, it should be 10.0.0.0 - 10.0.0.255 - the broadcast address is also internal and therefore needs to be included.

try running the BPZ - you need .net 1.1 installed to run this.
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en


0
 
ntossiouAuthor Commented:
Keith,

I'll be gone for 2 weeks, therefore I won't be able to try it. I'm awarding you with the points because it seems that the site we were trying to access has been down, the ISA configuration for port 10000 was OK.
Thanks again.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now