?
Solved

SSL/ISA Problem

Posted on 2009-04-30
5
Medium Priority
?
883 Views
Last Modified: 2012-05-06
ISA Firewall issue. I have a Pc on our network that uses a VPN dialer to connect to a network.   This is all working.  The connection is established fine.  When the connection occurs, IE opens and tries to load a specific webpage(available only via this VPN).  The page is on a non standard SSL port and I was able to add that port to the SSL-Tunnel ranges using ISA TRPE.  In ISA I can see the request fail.  Is there something else I need to do to enable that new, non standard port in ISA?  I have even gone so far as to add a rule that allows all traffic to that site.  Still no dice.  What am I missing?
0
Comment
Question by:jjtierney
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 24276991
Are the IP addresses used within the VPN included in the internal lat table?
0
 

Author Comment

by:jjtierney
ID: 24277710
No, and that just occured to me, the VPN tunnel is connected so maybe the web request should bypass the proxy(ISA) and use only the VPN.  Does that make sense?  Or should I add the IP to local LAT?
0
 

Author Comment

by:jjtierney
ID: 24295803
Its like the HTTPS request is not availing itself of the established VPN
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 24296725
I would expect to see a network entity created for the vpn addresses and rules for inbound and outbound between internal & new network, new network and external, and new network to internal - or - if the vpn addresses are allocated from the internal dhcp scope then they would be in the internal LAT
0
 

Author Comment

by:jjtierney
ID: 24681767
Thanks for the help, this was fixed by my simply adding the URL to the bypass proxy list in IE.  Did this via GPO.  Thanks!
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question