Solved

SSL connection problem to a site with ISA 2004

Posted on 2010-09-21
Last Modified: 2012-05-10
Hello,

I am trying to access this website https://www.ipayables.net/ but it fails from my local network. The 3 images never load, and the same goes for the page.

I tried with firewall client disabled: does not work
I tried from my DMZ: it works
Tried from another network that does not passthrough our ISA 2004: it works

Everything points to my ISA 2004 SP3 server. I tried also from the ISA and it didn't work. When I try to access from the clients and check the ISA log I get the following:

Log type: Web Proxy (Forward)
Status: 995 The I/O operation has been aborted because of either a thread exit or an application request.  
Rule: Allow HTTP
Source: Internal ( 10.0.3.202:0)
Destination: External ( 64.79.162.158:443)
Request: www.ipayables.net:443
Filter information: Req ID: 125c3bbc; Compression:None
Protocol: SSL-tunnel
User: anonymous
Additional information
Client agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Object source: Internet
Processing time: 0
Cache info: 0x0
MIME type:

Is there anything I can do to fix this? BTW I have an access rule that allows traffic from Internal + localhost to the external for protocol HTTP + HTTPS.

Thank you
Question by:Vision_Globale
7 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33730218
Do you use a web filter beside ISA Server, such as GFI WebMonitor? Then you need to add that URL to a whitelist of URLs.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33731920
Sounds like it may be using traffic in addition to http/https for that site as part of its startup in advance of the SSL tunnel being created.
Open the rule up to allow all protocols rather than just http/https as a quick test.

If it then works, you will need to dig into the log monitor to see what additional protocol you need to allow.

Remember to reduce your rule back to http/https + whatever the additional protocol required.
0
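The log check suggested in the comment above can be scripted. This is an added example, not part of the original thread: it parses entries in the key/value layout pasted in the question (including fields fused onto one line) and lists any protocol/port pairs between the client and the site that an HTTP/HTTPS-only rule would not cover. The second sample record, its protocol name and its ports are constructed for illustration.

```python
import re
from collections import Counter

# Field labels as they appear in the log entry pasted in the question.
LABELS = ["Log type", "Status", "Rule", "Source", "Destination", "Request",
          "Filter information", "Protocol", "User", "Client agent",
          "Object source", "Processing time", "Cache info", "MIME type"]
LABEL_RE = re.compile(r"(?:^|(?<=\s))(" + "|".join(LABELS) + r"):")
ENDPOINT_RE = re.compile(r"\(\s*([\d.]+):(\d+)\)")

def parse_record(text):
    """Return {label: value}; copes with two fields fused on one line."""
    hits = list(LABEL_RE.finditer(text))
    rec = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        chunk = text[cur.end():nxt.start() if nxt else len(text)]
        rec[cur.group(1)] = chunk.split("\n", 1)[0].strip()
    return rec

def endpoint(value):
    """'External ( 64.79.162.158:443)' -> ('64.79.162.158', 443)"""
    m = ENDPOINT_RE.search(value or "")
    return (m.group(1), int(m.group(2))) if m else (None, None)

def extra_protocols(records, client_ip, dest_ip, allowed=("HTTP", "HTTPS", "SSL-tunnel")):
    """Count (protocol, dest port) pairs the HTTP/HTTPS rule would not cover."""
    seen = Counter()
    for r in records:
        src, _ = endpoint(r.get("Source"))
        dst, port = endpoint(r.get("Destination"))
        if src == client_ip and dst == dest_ip and r.get("Protocol") not in allowed:
            seen[(r.get("Protocol"), port)] += 1
    return seen

# First record: fields from the question. Second record: constructed sample.
SAMPLE = """\
Log type: Web Proxy (Forward)
Status: 995 The I/O operation has been aborted because of either a thread exit or an application request.
Source: Internal ( 10.0.3.202:0)
Destination: External ( 64.79.162.158:443)
Protocol: SSL-tunnel
Object source: Internet Processing time: 0

Source: Internal ( 10.0.3.202:1045)
Destination: External ( 64.79.162.158:8443)
Protocol: Example-Protocol
"""
RECORDS = [parse_record(block) for block in SAMPLE.strip().split("\n\n")]
```

Any pair it returns is a candidate to add to the rule once the temporary allow-all test has been reverted.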
 

Author Comment

by:Vision_Globale
ID: 33734152
Looks like the problem was with the ISA cache...
I increased the size, then rebooted outside office hours, and the website was working.
Which brings me to my question... Do you still see a use to have the cache enabled on ISA?

I mean, back in the days when the Internet was slower I could understand that. Here we have a dedicated 100mbps line so I'm wondering if it is still needed...
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 33736412
Personally I don't use it for the exact reason you state.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33736435
Might also be beneficial to run the ISA best practice analyser (not the FTMG version) to see if anything more untoward might have been present although a reboot would likely mask any other issues from the time of the problem.
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 250 total points
ID: 33738695
It may have just been the reboot that got it working and had nothing to do with the Cache size.

As far as caching, I never use it... ever. It is always left disabled (never configured to start with). Speed difference might be debatable, but what is a couple milliseconds among humans that cannot even perceive a couple full seconds difference in anything anyway? But communication is certainly more dependable and has fewer failure points when caching is not used.
0
 

Author Closing Comment

by:Vision_Globale
ID: 33744265
Thank you
0
