Solved

ISA 2006

Posted on 2013-01-06
6
637 Views
Last Modified: 2013-07-10
Hi,


I am unable to open site behind my isa 2006 server.

https://crm.delta.com.tw:8020
0
Comment
Question by:Vshaily
6 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38749879
Sorry to hear that.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38749960
See if this helps


If you're running SBS Premium w/ ISA, then you'll need to add a protocol
definition for TCP 8020. The way ISA works, is that it uses protocol
definitions to define protocol (TCP/UDP/ICMP) and port combinations. It
then uses protocol rules that are based on these definitions as well as
other policy elements like schedules, users, etc. to determin who can go
where when. The effective 'allow all traffic' rule we have in ISA on SBS is
somewhat misleading as it only allows all of the protocols that are
currently defined. If a user tries to access a resource on the internet
using a protocol that is not currently defined in ISA (e.g. TCP 8020), then
ISA is going to deny the outbound request. Adding the new protocol
definition and restarting the Microsoft ISA Server Control service should solve the problem
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38750715
create a rule to allow port 8020 from internal to that site.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 16

Accepted Solution

by:
PaciB earned 500 total points
ID: 38751498
No need to change anything in your rules. You should have an access rule that allow HTTPS to go outside and that's it for the rules...

The problem is that by default ISA/TMG do not allow SSL protocol on any other port than 443.

In your example the URL is https://blahblahblah:8020/... Meaning you want to access a SSL web site on a port that is not 443 !!

You can refer to this article that talks about the same problem : http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeIA/thread/d64b5887-9218-4387-bc95-11906e8bae82/
Even it is not the same port they want to use in the article it's the same cause.

As said in the article you'll have to download the script http://www.isatools.org/tools/isa_tpr.js and use it to allow your specific port 8020 to be used for SSL.
This change wil require a full restart of TMG services, stopping any current connections.


Have a good day.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38751599
Good Point from PaciB - Missed it was Https:

I had to do the same for Plesk access - SSL on port 8443 - Was ages ago on an SBS2003 box with Isa2004
0
 

Author Comment

by:Vshaily
ID: 38753481
Dear All,

Now i got answer . and it's working fine. I dwonlad this script and run in command prompt of ISA server.

Cscript isa_tpr.js /add Ext8020 8020 . Now it's wprking.  Thanks/
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 POP 3 setup with MS ForeFront TMG 5 933
Alternatives to replacing ISA forefront server for URL redirect 6 463
ActiveSync issues 16 145
forefront TMG internet logs 1 98
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now