Solved

SSL connection problem to a site with ISA 2004

Posted on 2010-09-21
Last Modified: 2012-05-10
Hello,

I am trying to access this website https://www.ipayables.net/ but it fails from my local network. The 3 images never load, and the same goes for the page.

I tried with firewall client disabled: does not work
I tried from my DMZ: it works
Tried from another network that does not passthrough our ISA 2004: it works

Everything points to my ISA 2004 SP3 server. I tried also from the ISA and it didn't work. When I try to access from the clients and check the ISA log I get the following:

Log type: Web Proxy (Forward)
Status: 995 The I/O operation has been aborted because of either a thread exit or an application request.  
Rule: Allow HTTP
Source: Internal ( 10.0.3.202:0)
Destination: External ( 64.79.162.158:443)
Request: www.ipayables.net:443 
Filter information: Req ID: 125c3bbc; Compression:None
Protocol: SSL-tunnel
User: anonymous
 Additional information
Client agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Object source: Internet Processing time: 0
Cache info: 0x0 MIME type:  

Is there anything I can do to fix this? BTW I have an access rule that allows traffic from Internal + localhost to the external for protocol HTTP + HTTPS.

Thank you
Question by:Vision_Globale
7 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33730218
Do you use a web filter besides ISA server, such as GFI web monitor? If so, you need to add that URL to the URL whitelist.
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33731920
Sounds like it may be using traffic in addition to http/https for that site as part of its startup in advance of the ssl tunnel being created.
Open the rule up to allow all protocols rather than just http/https as a quick test.

If it then works then you will need to dig in to the log monitor to see what additional protocol you need to allow.

Remember to reduce your rule back to http/https + whatever the additional protocol required.
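Added example, not part of the original thread: after the temporary allow-all test suggested above, the extra protocol can be read out of the log instead of guessed. This Python sketch parses entries pasted in the `Field: value` layout shown in the question and lists what one client used beyond HTTP/HTTPS; the function names and every sample entry except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# First entry: values from the question. All other entries are constructed
# for illustration, in the same "Field: value" layout.
SAMPLE_LOG = """\
Log type: Web Proxy (Forward)
Rule: Allow HTTP
Source: Internal ( 10.0.3.202:0)
Destination: External ( 64.79.162.158:443)
Protocol: SSL-tunnel

Source: Internal ( 10.0.3.202:2051)
Destination: External ( 198.51.100.7:21)
Protocol: FTP

Source: Internal ( 10.0.3.202:2052)
Destination: External ( 198.51.100.7:21)
Protocol: FTP

Source: Internal ( 10.0.3.50:3100)
Destination: External ( 198.51.100.9:53)
Protocol: DNS
"""

ENDPOINT = re.compile(r"\(\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*\)")

def parse_entries(text):
    """Split pasted log text into one dict per blank-line-separated entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def extra_protocols(text, client_ip, baseline=("HTTP", "HTTPS", "SSL-tunnel")):
    """Count (protocol, dest IP, dest port) used by client_ip outside baseline."""
    seen = Counter()
    for entry in parse_entries(text):
        src = ENDPOINT.search(entry.get("Source", ""))
        dst = ENDPOINT.search(entry.get("Destination", ""))
        proto = entry.get("Protocol", "")
        if src and dst and src.group(1) == client_ip and proto and proto not in baseline:
            seen[(proto, dst.group(1), int(dst.group(2)))] += 1
    return sorted(seen.items())
```

Each tuple returned is a candidate for the narrowed rule: the protocol, destination and port to add alongside HTTP/HTTPS once the allow-all rule is removed.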
 

Author Comment

by:Vision_Globale
ID: 33734152
Looks like the problem was with the ISA cache...
I increased the size, then rebooted during out-of-office hours, and the website was working.
Which brings me to my question... Do you still see a use to have the cache enabled on ISA?

I mean, back in the days when the Internet was slower I could understand that. Here we have a dedicated 100mbps line so I'm wondering if it is still needed...
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 33736412
Personally I don't use it for the exact reason you state.
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33736435
Might also be beneficial to run the ISA best practice analyser (not the FTMG version) to see if anything more untoward might have been present although a reboot would likely mask any other issues from the time of the problem.
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 250 total points
ID: 33738695
It may have just been the reboot that got it working and had nothing to do with the Cache size.

As far as caching,...I never use it ,...ever.   It is always left disabled (never configured to start with).   Speed difference might be debatable,...but what is a couple milliseconds among humans that cannot even perceive a couple Full seconds difference in anything anyway?  But communication is certainly more dependable and has fewer failure points when caching is not used.
 

Author Closing Comment

by:Vision_Globale
ID: 33744265
Thank you