RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
- From: "Jonathon J. Howey" <Jonathon@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 13 Jan 2006 10:10:08 -0700
Is there any reason why LDAP would be refused now between this machine
and my SBS with ISA? This Apps server is part of the Internal network
range.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: January 12, 2006 1:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443)
protocol
http://www.ISAserver.org
Yah :-( didn't think it was that big of a deal ; sorry
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 1:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443)
protocol
http://www.ISAserver.org
WHOA.
Are you saying this is ISA on SBS?
That's quite different and a "oh by the way, how was the play Mrs.
Lincoln" moment :)
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 2:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
I dunno, that's why I'm asking. My machine uses Kerberos of
course to talk to the DC (same server as ISA; SBS 2003), and the UDP
packets go through just fine, so thats why im wondering why the TCP ones
are being denied.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 1:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Why would it be allowed in the first place?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 1:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
For some reason, Kerberos-Sec (TCP) is being denied
between ISA Server and my internal server. Would this have something to
do with it?
I deleted my rule I made earlier for the connection
between the external server and my internal server for port 80/443 and
the SSL-tunnel seems to be connecting.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: January 12, 2006 12:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Wouldn't the
"
Do NOT configure the client as a Web proxy client.
UNBIND the Web proxy filter from the HTTP protocol.
"
affect all traffic passing through my ISA?
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 12:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Hi Jonathon,
OK, if we're going to play a guessing game, I would do
this:
Create an SSL Server Publishing Rule
Create an Acess Rule allowing outbound SSL connections.
Do NOT configure the client as a Web proxy client.
UNBIND the Web proxy filter from the HTTP protocol.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey
[mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 1:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection
Attempt" for SSL-tunnel (443) protocol
http://www.ISAserver.org
Tom, I'm wondering if I created a Perimeter
network consisting of my internal server and the server I'm trying to
access over 443, if it will work?
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Jonathon@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Jonathon@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
