Hi Tom, yes they are only using 80 and 443. I think you are right with the funky java. Plus, we had a problem a bit ago where our PIX was using a routing table on some tucked away router, when it was removed, nothing worked right. ACL's on the PIX looked fine but were not working. Plugged router back in and things started working again. Our network team says that the issue has been resolved, but I still feel that ISA is being blocked by our PIX in some cases. Eric Poole IS Security Analyst Community Medical Centers <http://communitymedical.org/> 1140 "T" Street, Fresno, California 93721 559-459-6784 (phone) 559-459-2045 (fax) -----Original Message----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>@CHCC Sent: Monday, September 01, 2003 9:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Connection Issue http://www.ISAserver.org Hi Eric, If they only use 80 and 443, then there should be no problem. I connect to my banks using SSL and never have a problem. SSL bridging isn't an issue for outbound requests (unless you're using Web Proxy chaining) because you can't connect a browser client to the Outgoing Web Requests listener using SSL (would be a great feature, though). SSL bridging in only an issue for inbound requests. That allows the firewall to examine the contents of inbound SSL connection for malicious content/commands. So, on a pure protocol basis, I don't see where ISA would be a problem. However, they might be using some funky Java code that could be causing problems. HTH, Tom Thomas W Shinderwww.isaserver.org/shinder << File: http://www.isaserver.org/shinder >> ISA Server and Beyond: http://tinyurl.com/1jq1 << File: http://tinyurl.com/1jq1 >> Configuring ISA Server: http://tinyurl.com/1llp << File: http://tinyurl.com/1llp >> -----Original Message----- From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] Sent: Friday, August 29, 2003 2:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Connection Issue http://www.ISAserver.org A thank you to all (even thewisenheimers!). Discussions have begunwith our network teamusing the input provided here as baseline issues. Thanks again! Let me add something, I just read -http://www.isaserver.org/tutorials/Understanding_SSL_bridging_and_tunne ling_within_ISA.html << File: http://www.isaserver.org/tutorials/Understanding_SSL_bridging_and_tunnel ing_within_ISA.html >> - and one of our issues is connecting to a specific site that uses https. All that they say is needed is port 80 and 443. Yet the darn thing keeps timing out/locking up! We have multiple banking sites that we use that do not have issues...could ISA be the problem? Vendor states that they have read about known issues with ISA and SSL? Theycouldn't provide any links and I haven't been able to find them. Any thoughts? Eric Poole IS Security AnalystCommunity Medical Centers << File: http://communitymedical.org/ >> 1140 "T" Street, Fresno, California 93721 559-459-6784 (phone) 559-459-2045 (fax) ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: epoole@xxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')