Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Allow custom SSL ports

Posted on 2007-11-30
10
Medium Priority
?
3,978 Views
Last Modified: 2012-06-27
Hello there,

I am running ISA Server 2004 Standard Edition as a web proxy. Recently a user had to access a site via SSL, but on port 10000.
Here's what the browser returned:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: x.x.x.x
Date: 11/30/2007 9:58:59 AM
Server: x.x.x
Source: proxy  

Is there a way to allow SSL to go through custom port 10000?

Thanks in advance.
0
Comment
Question by:ntossiou
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20383885
A few products are like this - as I recall Sidewinder, requires port 10000 on SSL.

Download this vbs script - courtesy Jim Harrison and put in a range from 10000 - 10000

Use the ISA Tunnel Port Tool - not the ISATPRE

Read the guide though :) - works perfectly everytime.

Keith
0
 

Author Comment

by:ntossiou
ID: 20385116
Keith,

Thanks a lot again for your comments. Was there any link in your reply? I couldn't find any. Would you be so kind to re-post the URLs?
Thanks in advance.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20385525
lol - so sorry.....

http://www.isatools.org/tools.asp?Context=ISA2004

Remember, use the tool, NOT the ISATpre
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 

Author Comment

by:ntossiou
ID: 20394907
OK, I ran the script on the ISA server as follows:

cscript isa_tpr.js /add port10000 10000

I restarted the firewall service and now the error message I'm getting is:

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The host server is unreachable. (10065)
IP Address: X.X.X.X
Date: 12/3/2007 12:03:58 PM
Server: X.X.X
Source: proxy  

The server we're trying to access is the web server, where our site is hosted and it works. Port 10000 is to access the webstats.
Any ideas?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20395136
OK - the 10065 message is saying that there is no route to the destination but the traffic would be allowed otherwise.

Check your LAT table (configuration - networks - internal - properties -addressing etc)
Can you do a tracert to the site OK?
0
 

Author Comment

by:ntossiou
ID: 20395723
Hi Keith,

Yes, I can do a tracert to the site, both from a client computer as well as from the ISA server machine itself.
What exactly should I check in the LAT table?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20395741
What IP addresses are listed?
0
 

Author Comment

by:ntossiou
ID: 20395751
The IP address range of our private network, 10.0.0.0 - 10.0.0.254
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 20395771
Just as an aside, it should be 10.0.0.0 - 10.0.0.255 - the broadcast address is also internal and therefore needs to be included.

try running the BPZ - you need .net 1.1 installed to run this.
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en


0
 

Author Comment

by:ntossiou
ID: 20402488
Keith,

I'll be gone for 2 weeks, therefore I won't be able to try it. I'm awarding you with the points because it seems that the site we were trying to access has been down, the ISA configuration for port 10000 was OK.
Thanks again.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question