• Status: Solved

Problem publishing SSL site using ISA 2006

I am having problems publishing an internal SSL website using ISA2006. I have created a new rule with the below settings. The problem I'm having is, however I set up the rule or the listener, it will not respond to SSL traffic. The SSL rule is at position 7 in my list of rules. The only rule that responds to the SSL requests is rule 37 local traffic in. I can successfully access the internal webserver using SSL from an internal machine.

I would be grateful if anybody could offer any help to solve this.

action = allow
from = anywhere
to = internal server name
       forward original host header
       requests come from isa
traffic = HTTPS (standard protocol)
listener = test listener (see below)
public name = all requests
authentication delegation = no delegation, client cannot authenticate directly
bridging = redirect to SSL 443
users = all users

Listener details
networks = external
connections = enable SSL, 443
certificates = valid thawte signed certificate installed
authentication = ssl client certificate authentication
Asked by: beplas
 
Encrypted1024 commented:
I assume you went through the web publishing wizard in ISA and you have no other ssl sites published on that IP?
 
beplas (author) commented:
Correct, I used the web publishing wizard. In fact, there are no other rules set to process HTTPS traffic.
 
Encrypted1024 commented:
Hmm. Are you forwarding to an IP or are you using host headers on your web server? You may want to play with the authentication settings. Also test externally using http:// and https:// just to rule out any redirection issues.
 
beplas (author) commented:
I have tried forwarding all requests, and using the specific domain name. I have another rule processing HTTP traffic only, based on host headers, to the same web server. This rule works perfectly, so I know the redirection is working OK.

I've changed the authentication settings a lot over the past day or so, any pointers as to what to look for/change?
 
Encrypted1024 commented:
It looks like you have redirection of port 443 turned on. If you have another web site at port 80 on that server that could be your issue. Try turning off port redirection and navigate to https://yourdomain.com.
 
beplas (author) commented:
If I untick 'redirect requests to ssl port 443' on the bridging tab of the rule, I get an error saying 'you must select the server type'.

If I untick 'enable ssl on port 443' on the connections tab of the listener, I get an error saying 'you must enable http, ssl, or both'.
 
Encrypted1024 commented:
Oh, sorry. You are right. Should just work. I am used to looking at the ISA console. Try changing the setting to requests come from original client instead of ISA.
 
beplas (author) commented:
Tried that one too, and still 443 traffic is ignored until the default rule (37). I also tried ticking and unticking 'forward original host header' on the 'to' tab.

Gut feeling tells me it's something to do with the listener, but I'm not sure what to check.
 
beplas (author) commented:
There's got to be something blatantly obvious that I've missed somewhere....
 
beplas (author) commented:
Got it solved! I created a new non-web server publishing rule to pass all 443 traffic through to the web server.

Still no idea why the web listener stopped listening though!

Thanks for your help.
 
Encrypted1024 commented:
Cool. Glad to hear you got it going. Sometimes starting from scratch is the solution.