?
Solved

Microsoft, ISA, 3.0, Installed on the domain network but being accessed through WAN VPN links from remote workgroup sites

Posted on 2007-12-06
8
Medium Priority
?
362 Views
Last Modified: 2012-06-27
I have set up an ISA server to allow remote sites access to the Internet, but only a selection of website.  This has been working fine using a ISA server on the main network and setting the proxy on remote site client to this server on port 8080.  The remote sites connect back to the network over a VPN WAN link.
We have recently required these sites access to a website which requires a logon, which then goes to a HTTPS page. When it redirects to the HTTPS page the error message says:

The page cannot be displayed
There is a problem with  

The rest of the error message page is not displayed.

The page is
0
Comment
Question by:ghutchins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20418912
No such thing as ISA 3.0 - Do you mean ISA2000? 2004? 2006?

The port 8080 is the port number that clients use to talk to the ISA server, not the port they use to talk to the website. The traffic leaves ISA on the port specified in the type of traffic (default is 80 for http, 443 for https)

Sounds like the request is being redirected to another https page that is not running port 443. ISA, by default, only allows https traffic to be used on port 443 - if the required https site uses a different port number then the site would be blocked.

Open the isa gui, select monitoring - logging - start query.
What do you see in the log when access is made from a client?
Does the site work OK when a connection attempt is made from a local client (rather than from a client at one of your branch offices).

0
 

Author Comment

by:ghutchins
ID: 20419197
Sorry it's ISA 2000 SP2.

I can access the site fine from a local client.
0
 

Author Comment

by:ghutchins
ID: 20419998
Please see the log below, I have ****** out the IP address:


date      time      s-computername      cs-referred      r-host      r-ip      r-port      time-taken      cs-bytes      sc-bytes      cs-protocol      s-operation      cs-uri      s-object-source      sc-status
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      344      300      972      http      GET      http://www.cfs-uk.com/      VFInet      200
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      125      341      4260      http      GET      http://www.cfs-uk.com/left.htm      VFInet      200
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      266      340      599      http      GET      http://www.cfs-uk.com/top.htm      VFInet      200
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      63      341      2364      http      GET      http://www.cfs-uk.com/main.htm      VFInet      200
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      94      264      1607      http      GET      http://www.cfs-uk.com/cfs.css      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      219      271      417      http      GET      http://www.cfs-uk.com/menu%20dot.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      360      265      8753      http      GET      http://www.cfs-uk.com/left.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      156      266      418      http      GET      http://www.cfs-uk.com/blank.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      282      267      540      http      GET      http://www.cfs-uk.com/top-bkg.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      187      263      15196      http      GET      http://www.cfs-uk.com/top.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      94      265      2022      http      GET      http://www.cfs-uk.com/cfs2.css      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      63      267      187      http      GET      http://www.cfs-uk.com/slogan.gif      VFInet      302
01/12/2007      17:07:07      MPISA02      -      www.cfs-uk.com      ***********      80      734      271      19331      http      GET      http://www.cfs-uk.com/snapfront2.jpg      VFInet      200
01/12/2007      17:07:07      MPISA02      -      www.cfs-uk.com      ***********      80      109      294      2245      http      GET      http://www.cfs-uk.com/slogan.gif/retry=a0db9a9f4c7af5a08071      Inet      200
01/12/2007      17:07:08      MPISA02      -      www.cfs-uk.com      ***********      80      1657      271      27725      http      GET      http://www.cfs-uk.com/snapfront1.jpg      Inet      200
01/12/2007      17:07:13      MPISA02      -      www.cfs-uk.com      -      443      -      -      -      SSL-tunnel      -      www.cfs-uk.com:443      Inet      12202
01/12/2007      17:07:25      MPISA02      -      www.cfs-uk.com      ***********      80      78      267      2245      http      GET      http://www.cfs-uk.com/slogan.gif      Inet      200
01/12/2007      17:07:37      MPISA02      -      www.cfs-uk.com      -      443      -      -      -      SSL-tunnel      -      www.cfs-uk.com:443      Inet      12202
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20422129
what rules do you have from vpn clients to external?
0
 

Author Comment

by:ghutchins
ID: 20582064
The problem was the website was redirecting to another domain. I allowed the companies IP range and the problem was resolved
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20583852
Yes, if the rules do not include the required sources/destinationss then traffic flow is not allowed.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 21186046
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
An article on effective troubleshooting
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question