Publishing internal SAP site through ISA on different port

Hi There,

I am trying to publish an Internal SAP site url " https://abc.com:50001/xyz/ijx " to the extenal web through an ISA 2006 server. I am not able to get the rule in ISA to redirect website on this custom port. It comes up with error
" The webserver name cannot contain a port number. Port number can be specified int he bridging properties for this rule"

My ISA server is in DMZ and configured on a single NIC.
Can you help me configuring this?
budatiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
Not sure what part you are not understanding. It is true, you cannot put a port redirect in a publishing rule in that way. In the Publishing rule itself you state the port number that traffic will be forwarded on and in the listener you configure the port number that traffic will be arriving at the external interface on.
0
budatiAuthor Commented:
Thanks for the quick response. But when I try this solution, Web publishing rule takes this port number " 50001" at the end of the URL and not in the Middle.

0
Keith AlabasterEnterprise ArchitectCommented:
Normally you would not be adding the /abc/xyz in the publishing rule - you would deal with this part under the paths area. Are you not using the SAP Router software to access your SAP services?
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

budatiAuthor Commented:
Hi Keith,


I am trying to publish this internal URL : https://abc.com:50001/xyz/ijx to the external world through  https://eee.com  
 
I am able to access the internal URL https://abc.com:50001/xyz/ijx  from my ISA server.
 
Now while publishing, I am not able to get this internal URL to be redirected through ISA on the port  50001 
 
I tried the earlier solution, after publishing the rule, this is the URL ISA is trying to redirect to.
 
https://abc.com/xyz/ijx:50001 
 
Could you help me configuring this Rule in ISA 2006. That would be great if you can provide me sequential steps.
0
Keith AlabasterEnterprise ArchitectCommented:
You shouldn't be publishing the full destination, just the fqdn part. The page location (/xyz/abc) part should be entered into the Link Transalation section
0
budatiAuthor Commented:
Hi Keith,
Sorry for the dealy in my response. I have published the rule on the server. I try to access the url and get the below error.

Technical Information (for support personnel) Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

I have installed the server root certificate from the SAP server on the ISA server, still have the same error.
Is there something i am missing here?
one more thing ..... In the web publishing rule under " bridging",  Do i need to configure any certificate under " use a certificate to authenticate to the SSL web server".
If so, When i check that, I do not see any certificates under the list.
Thanks for your help!
0
Keith AlabasterEnterprise ArchitectCommented:
You need to have installed the cert into ISA and the root cert - it must go into the computer account. Once done, these should show under the user a cert to authenticate ssl cweb server. if it doesn't appear, you cannot bridge ssl.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
budatiAuthor Commented:

Hi Keith,

I have installed the certificate and the root certificate under the personal/certificates folder. I can check in through the MMC that the both the certificates are ok.
However, under the bridging properties of the rule,for internal SSL bridging, I do not see the certificates,
" No valid certificates were found on the server in this array"

What is the path the ISA tries to pull up the certificates from?
Do I need the server certificates to be installed with private key?

***************************************************
The vendor CA certificates show up in the weblistener, which I am using for SSL internet to ISA.
***************************************************
 
 
0
budatiAuthor Commented:
When I test the rule from ISA, I get below error ...
Category: published server certificate error.
Error details: 0x800090325 - The certificate chain was issued by an authority that is not trusted.
 
0
budatiAuthor Commented:
Now the problem is resolved as it was the problem of CA chain of the certifying server certificate.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.