RE: Connection Issue
- From: "Eric Poole" <EPoole@xxxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 2 Sep 2003 09:11:16 -0700
Hi Tom, yes they are only using 80 and 443. I think you are right with
the funky java. Plus, we had a problem a bit ago where our PIX was
using a routing table on some tucked away router, when it was removed,
nothing worked right. ACL's on the PIX looked fine but were not
working. Plugged router back in and things started working again. Our
network team says that the issue has been resolved, but I still feel
that ISA is being blocked by our PIX in some cases.
Eric Poole
IS Security Analyst
Community Medical Centers <http://communitymedical.org/>
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
-----Original Message-----
From: "Thomas W Shinder"
<tshinder@xxxxxxxxxxxxxxxxxx>@CHCC
Sent: Monday, September 01, 2003 9:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Connection Issue
http://www.ISAserver.org
Hi Eric,
If they only use 80 and 443, then there should be no
problem. I connect to my banks using SSL and never have a problem.
SSL bridging isn't an issue for outbound requests
(unless you're using Web Proxy chaining) because you can't connect a
browser client to the Outgoing Web Requests listener using SSL (would
be a great feature, though).
SSL bridging in only an issue for inbound requests.
That allows the firewall to examine the contents of inbound SSL
connection for malicious content/commands.
So, on a pure protocol basis, I don't see where ISA
would be a problem. However, they might be using some funky Java code
that could be causing problems.
HTH,
Tom
Thomas W Shinderwww.isaserver.org/shinder << File:
http://www.isaserver.org/shinder >>
ISA Server and Beyond: http://tinyurl.com/1jq1 << File:
http://tinyurl.com/1jq1 >>
Configuring ISA Server: http://tinyurl.com/1llp << File:
http://tinyurl.com/1llp >>
-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, August 29, 2003 2:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Connection Issue
http://www.ISAserver.org
A thank you to all (even thewisenheimers!).
Discussions have begunwith our network teamusing the input provided
here as baseline issues. Thanks again!
Let me add something, I just read
-http://www.isaserver.org/tutorials/Understanding_SSL_bridging_and_tunne
ling_within_ISA.html << File:
http://www.isaserver.org/tutorials/Understanding_SSL_bridging_and_tunnel
ing_within_ISA.html >> - and one of our issues is connecting to a
specific site that uses https. All that they say is needed is port 80
and 443. Yet the darn thing keeps timing out/locking up! We have
multiple banking sites that we use that do not have issues...could ISA
be the problem? Vendor states that they have read about known issues
with ISA and SSL? Theycouldn't provide any links and I haven't been
able to find them. Any thoughts?
Eric Poole
IS Security AnalystCommunity Medical Centers << File:
http://communitymedical.org/ >>
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: epoole@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
