Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1310
  • Last Modified:

Publishing internal SAP site through ISA on different port

Hi There,

I am trying to publish an Internal SAP site url " https://abc.com:50001/xyz/ijx " to the extenal web through an ISA 2006 server. I am not able to get the rule in ISA to redirect website on this custom port. It comes up with error
" The webserver name cannot contain a port number. Port number can be specified int he bridging properties for this rule"

My ISA server is in DMZ and configured on a single NIC.
Can you help me configuring this?
0
budati
Asked:
budati
  • 6
  • 4
1 Solution
 
Keith AlabasterEnterprise ArchitectCommented:
Not sure what part you are not understanding. It is true, you cannot put a port redirect in a publishing rule in that way. In the Publishing rule itself you state the port number that traffic will be forwarded on and in the listener you configure the port number that traffic will be arriving at the external interface on.
0
 
budatiAuthor Commented:
Thanks for the quick response. But when I try this solution, Web publishing rule takes this port number " 50001" at the end of the URL and not in the Middle.

0
 
Keith AlabasterEnterprise ArchitectCommented:
Normally you would not be adding the /abc/xyz in the publishing rule - you would deal with this part under the paths area. Are you not using the SAP Router software to access your SAP services?
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
budatiAuthor Commented:
Hi Keith,


I am trying to publish this internal URL : https://abc.com:50001/xyz/ijx to the external world through  https://eee.com  
 
I am able to access the internal URL https://abc.com:50001/xyz/ijx  from my ISA server.
 
Now while publishing, I am not able to get this internal URL to be redirected through ISA on the port  50001 
 
I tried the earlier solution, after publishing the rule, this is the URL ISA is trying to redirect to.
 
https://abc.com/xyz/ijx:50001 
 
Could you help me configuring this Rule in ISA 2006. That would be great if you can provide me sequential steps.
0
 
Keith AlabasterEnterprise ArchitectCommented:
You shouldn't be publishing the full destination, just the fqdn part. The page location (/xyz/abc) part should be entered into the Link Transalation section
0
 
budatiAuthor Commented:
Hi Keith,
Sorry for the dealy in my response. I have published the rule on the server. I try to access the url and get the below error.

Technical Information (for support personnel) Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

I have installed the server root certificate from the SAP server on the ISA server, still have the same error.
Is there something i am missing here?
one more thing ..... In the web publishing rule under " bridging",  Do i need to configure any certificate under " use a certificate to authenticate to the SSL web server".
If so, When i check that, I do not see any certificates under the list.
Thanks for your help!
0
 
Keith AlabasterEnterprise ArchitectCommented:
You need to have installed the cert into ISA and the root cert - it must go into the computer account. Once done, these should show under the user a cert to authenticate ssl cweb server. if it doesn't appear, you cannot bridge ssl.
0
 
budatiAuthor Commented:

Hi Keith,

I have installed the certificate and the root certificate under the personal/certificates folder. I can check in through the MMC that the both the certificates are ok.
However, under the bridging properties of the rule,for internal SSL bridging, I do not see the certificates,
" No valid certificates were found on the server in this array"

What is the path the ISA tries to pull up the certificates from?
Do I need the server certificates to be installed with private key?

***************************************************
The vendor CA certificates show up in the weblistener, which I am using for SSL internet to ISA.
***************************************************
 
 
0
 
budatiAuthor Commented:
When I test the rule from ISA, I get below error ...
Category: published server certificate error.
Error details: 0x800090325 - The certificate chain was issued by an authority that is not trusted.
 
0
 
budatiAuthor Commented:
Now the problem is resolved as it was the problem of CA chain of the certifying server certificate.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now