Problem publishing SSL site using ISA 2006

I am having problems publishing an internal SSL website using ISA 2006. I have created a new rule with the below settings. The problem I'm having is, however I set up the rule or the listener, it will not respond to SSL traffic. The SSL rule is at position 7 in my list of rules. The only rule that responds to the SSL requests is rule 37, local traffic in. I can successfully access the internal webserver using SSL from an internal machine.

I would be grateful if anybody could offer any help to solve this.

action = allow
from = anywhere
to = internal server name
       forward original host header
       requests come from isa
traffic = HTTPS (standard protocol)
listener = test listener (see below)
public name = all requests
authentication delegation = no delegation, client cannot authenticate directly
bridging = redirect to SSL 443
users = all users

Listener details
networks = external
connections = enable SSL, 443
certificates = valid thawte signed certificate installed
authentication = ssl client certificate authentication
beplasAsked:

Encrypted1024Commented:
I assume you went through the web publishing wizard in ISA and you have no other ssl sites published on that IP?
0
beplasAuthor Commented:
Correct, I used the web publishing wizard. In fact, there are no other rules set to process HTTPS traffic.
0
Encrypted1024Commented:
Hmm. Are you forwarding to an IP or are you using host headers on your web server? You may want to play with the authentication settings. Also test externally using http:// and https:// just to rule out any redirection issues.
0
beplasAuthor Commented:
I have tried forwarding all requests, and using the specific domain name. I have another rule processing HTTP traffic only based on host headers to the same web server; this rule works perfectly, so I know the redirection is working OK.

I've changed the authentication settings a lot over the past day or so, any pointers as to what to look for/change?
0
Encrypted1024Commented:
It looks like you have redirection of port 443 turned on. If you have another web site at port 80 on that server, that could be your issue. Try turning off port redirection and navigate to https://yourdomain.com.
0
beplasAuthor Commented:
If I untick 'redirect requests to ssl port 443' on the bridging tab of the rule, I get an error saying 'you must select the server type'.

If I untick 'enable ssl on port 443' on the connections tab of the listener, I get an error saying 'you must enable http, ssl, or both'.
0
Encrypted1024Commented:
Oh, sorry. You are right. Should just work. I am used to looking at the ISA console. Try changing the setting to requests come from original client instead of ISA.
0
beplasAuthor Commented:
Tried that one too, and still 443 traffic is ignored until the default rule (37). I also tried ticking and unticking 'forward original host header' on the 'to' tab.

Gut feeling tells me it's something to do with the listener, but I'm not sure what to check.
0
beplasAuthor Commented:
There's got to be something blatantly obvious that I've missed somewhere....
0
beplasAuthor Commented:
Got it solved! I created a new non-web server publishing rule to pass all 443 traffic through to the web server.

Still no idea why the web listener stopped listening though!

Thanks for your help.
0

Encrypted1024Commented:
Cool. Glad to hear you got it going. Sometimes starting from scratch is the solution.
0