RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
- From: "Jonathon J. Howey" <Jonathon@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 12 Jan 2006 13:52:09 -0700
Yah :-( didn't think it was that big of a deal ; sorry
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 1:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443)
protocol
http://www.ISAserver.org
WHOA.
Are you saying this is ISA on SBS?
That's quite different and a "oh by the way, how was the play Mrs.
Lincoln" moment :)
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 2:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
I dunno, that's why I'm asking. My machine uses Kerberos of
course to talk to the DC (same server as ISA; SBS 2003), and the UDP
packets go through just fine, so thats why im wondering why the TCP ones
are being denied.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 1:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Why would it be allowed in the first place?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 1:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
For some reason, Kerberos-Sec (TCP) is being denied
between ISA Server and my internal server. Would this have something to
do with it?
I deleted my rule I made earlier for the connection
between the external server and my internal server for port 80/443 and
the SSL-tunnel seems to be connecting.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: January 12, 2006 12:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Wouldn't the
"
Do NOT configure the client as a Web proxy client.
UNBIND the Web proxy filter from the HTTP protocol.
"
affect all traffic passing through my ISA?
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 12:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Hi Jonathon,
OK, if we're going to play a guessing game, I would do
this:
Create an SSL Server Publishing Rule
Create an Acess Rule allowing outbound SSL connections.
Do NOT configure the client as a Web proxy client.
UNBIND the Web proxy filter from the HTTP protocol.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey
[mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 1:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection
Attempt" for SSL-tunnel (443) protocol
http://www.ISAserver.org
Tom, I'm wondering if I created a Perimeter
network consisting of my internal server and the server I'm trying to
access over 443, if it will work?
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Jonathon@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
