Solved

Microsoft, ISA, 3.0, Installed on the domain network but being accessed through WAN VPN links from remote workgroup sites

Posted on 2007-12-06
8
356 Views
Last Modified: 2012-06-27
I have set up an ISA server to allow remote sites access to the Internet, but only a selection of website.  This has been working fine using a ISA server on the main network and setting the proxy on remote site client to this server on port 8080.  The remote sites connect back to the network over a VPN WAN link.
We have recently required these sites access to a website which requires a logon, which then goes to a HTTPS page. When it redirects to the HTTPS page the error message says:

The page cannot be displayed
There is a problem with  

The rest of the error message page is not displayed.

The page is
0
Comment
Question by:ghutchins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20418912
No such thing as ISA 3.0 - Do you mean ISA2000? 2004? 2006?

The port 8080 is the port number that clients use to talk to the ISA server, not the port they use to talk to the website. The traffic leaves ISA on the port specified in the type of traffic (default is 80 for http, 443 for https)

Sounds like the request is being redirected to another https page that is not running port 443. ISA, by default, only allows https traffic to be used on port 443 - if the required https site uses a different port number then the site would be blocked.

Open the isa gui, select monitoring - logging - start query.
What do you see in the log when access is made from a client?
Does the site work OK when a connection attempt is made from a local client (rather than from a client at one of your branch offices).

0
 

Author Comment

by:ghutchins
ID: 20419197
Sorry it's ISA 2000 SP2.

I can access the site fine from a local client.
0
 

Author Comment

by:ghutchins
ID: 20419998
Please see the log below, I have ****** out the IP address:


date      time      s-computername      cs-referred      r-host      r-ip      r-port      time-taken      cs-bytes      sc-bytes      cs-protocol      s-operation      cs-uri      s-object-source      sc-status
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      344      300      972      http      GET      http://www.cfs-uk.com/      VFInet      200
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      125      341      4260      http      GET      http://www.cfs-uk.com/left.htm      VFInet      200
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      266      340      599      http      GET      http://www.cfs-uk.com/top.htm      VFInet      200
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      63      341      2364      http      GET      http://www.cfs-uk.com/main.htm      VFInet      200
01/12/2007      17:07:04      MPISA02      -      www.cfs-uk.com      ***********      80      94      264      1607      http      GET      http://www.cfs-uk.com/cfs.css      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      219      271      417      http      GET      http://www.cfs-uk.com/menu%20dot.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      360      265      8753      http      GET      http://www.cfs-uk.com/left.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      156      266      418      http      GET      http://www.cfs-uk.com/blank.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      282      267      540      http      GET      http://www.cfs-uk.com/top-bkg.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      187      263      15196      http      GET      http://www.cfs-uk.com/top.gif      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      94      265      2022      http      GET      http://www.cfs-uk.com/cfs2.css      VFInet      200
01/12/2007      17:07:05      MPISA02      -      www.cfs-uk.com      ***********      80      63      267      187      http      GET      http://www.cfs-uk.com/slogan.gif      VFInet      302
01/12/2007      17:07:07      MPISA02      -      www.cfs-uk.com      ***********      80      734      271      19331      http      GET      http://www.cfs-uk.com/snapfront2.jpg      VFInet      200
01/12/2007      17:07:07      MPISA02      -      www.cfs-uk.com      ***********      80      109      294      2245      http      GET      http://www.cfs-uk.com/slogan.gif/retry=a0db9a9f4c7af5a08071      Inet      200
01/12/2007      17:07:08      MPISA02      -      www.cfs-uk.com      ***********      80      1657      271      27725      http      GET      http://www.cfs-uk.com/snapfront1.jpg      Inet      200
01/12/2007      17:07:13      MPISA02      -      www.cfs-uk.com      -      443      -      -      -      SSL-tunnel      -      www.cfs-uk.com:443      Inet      12202
01/12/2007      17:07:25      MPISA02      -      www.cfs-uk.com      ***********      80      78      267      2245      http      GET      http://www.cfs-uk.com/slogan.gif      Inet      200
01/12/2007      17:07:37      MPISA02      -      www.cfs-uk.com      -      443      -      -      -      SSL-tunnel      -      www.cfs-uk.com:443      Inet      12202
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20422129
what rules do you have from vpn clients to external?
0
 

Author Comment

by:ghutchins
ID: 20582064
The problem was the website was redirecting to another domain. I allowed the companies IP range and the problem was resolved
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20583852
Yes, if the rules do not include the required sources/destinationss then traffic flow is not allowed.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 21186046
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question