RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 12 Jan 2006 14:26:14 -0600

WHOA.
 
Are you saying this is ISA on SBS?
 
That's quite different and an "oh by the way, how was the play Mrs.
Lincoln" moment :)
 
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] 
        Sent: Thursday, January 12, 2006 2:21 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
        
        
        http://www.ISAserver.org
        
        I dunno, that's why I'm asking.  My machine uses Kerberos of
        course to talk to the DC (same server as ISA; SBS 2003), and the UDP
        packets go through just fine, so that's why I'm wondering why the TCP
        ones are being denied.
         
         
        Jonathon J. Howey
        KPSA Compliance Management Inc.
        P 780.409.5620
        F 780.409.5621
        D 780.409.5628
        C 780.965.8363
        Jonathon@xxxxxxx
         
        Guiding the Future of Transportation
        www.KPSA.ca <http://www.kpsa.ca/> 
         
         
         

________________________________

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: January 12, 2006 1:09 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
        
        
        
        Why would it be allowed in the first place?
         
        Thomas W Shinder, M.D.

         


________________________________

                From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] 
                Sent: Thursday, January 12, 2006 1:37 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
                
                
                
                For some reason, Kerberos-Sec (TCP) is being denied
                between ISA Server and my internal server.  Would this have
                something to do with it?
                 
                I deleted my rule I made earlier for the connection
                between the external server and my internal server for port
                80/443 and the SSL-tunnel seems to be connecting.
                 
                 
                Jonathon J. Howey
                 
                 
                 

________________________________

                From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] 
                Sent: January 12, 2006 12:21 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
                
                
                
                Wouldn't the
                 
                "
                Do NOT configure the client as a Web proxy client.
                 
                UNBIND the Web proxy filter from the HTTP protocol.
                " 
                 
                 affect all traffic passing through my ISA?
                 
                 
                Jonathon J. Howey
                 
                 
                 

________________________________

                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
                Sent: January 12, 2006 12:19 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
                
                
                
                Hi Jonathon,
                 
                OK, if we're going to play a guessing game, I would do this:
                 
                Create an SSL Server Publishing Rule
                 
                Create an Access Rule allowing outbound SSL connections.
                 
                Do NOT configure the client as a Web proxy client.
                 
                UNBIND the Web proxy filter from the HTTP protocol.
                 
                HTH,
                Tom
                 
                Thomas W Shinder, M.D.

                 


________________________________

                        From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
                        Sent: Thursday, January 12, 2006 1:10 PM
                        To: [ISAserver.org Discussion List]
                        Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
                        
                        
                        
                        Tom, I'm wondering if I created a Perimeter
                        network consisting of my internal server and the server
                        I'm trying to access over 443, if it will work?
                         
                         
                        Jonathon J. Howey
                         
                         
                         
