RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol

Is there any reason why LDAP would be refused now between this machine
and my SBS with ISA?  This Apps server is part of the Internal network
range.
 
 
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
 
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/> 
 
 
 

________________________________

From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] 
Sent: January 12, 2006 1:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443)
protocol


http://www.ISAserver.org

Yah :-(   didn't think it was that big of a deal ; sorry
 
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
 
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/> 
 
 
 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: January 12, 2006 1:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443)
protocol


http://www.ISAserver.org

WHOA.
 
Are you saying this is ISA on SBS?
 
That's quite different and a "oh by the way, how was the play Mrs.
Lincoln" moment :)
 
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] 
        Sent: Thursday, January 12, 2006 2:21 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
        
        
        http://www.ISAserver.org
        
        I dunno, that's why I'm asking.  My machine uses Kerberos of
course to talk to the DC (same server as ISA; SBS 2003), and the UDP
packets go through just fine, so thats why im wondering why the TCP ones
are being denied.
         
         
        Jonathon J. Howey
        KPSA Compliance Management Inc.
        P 780.409.5620
        F 780.409.5621
        D 780.409.5628
        C 780.965.8363
        Jonathon@xxxxxxx
         
        Guiding the Future of Transportation
        www.KPSA.ca <http://www.kpsa.ca/> 
         
         
         

________________________________

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
        Sent: January 12, 2006 1:09 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
        
        
        http://www.ISAserver.org
        
        Why would it be allowed in the first place?
         
        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://spaces.msn.com/members/drisa/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls
        **Who is John Galt?**

         


________________________________

                From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] 
                Sent: Thursday, January 12, 2006 1:37 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
                
                
                http://www.ISAserver.org
                
                For some reason, Kerberos-Sec (TCP) is being denied
between ISA Server and my internal server.  Would this have something to
do with it?
                 
                I deleted my rule I made earlier for the connection
between the external server and my internal server for port 80/443 and
the SSL-tunnel seems to be connecting.
                 
                 
                Jonathon J. Howey
                KPSA Compliance Management Inc.
                P 780.409.5620
                F 780.409.5621
                D 780.409.5628
                C 780.965.8363
                Jonathon@xxxxxxx
                 
                Guiding the Future of Transportation
                www.KPSA.ca <http://www.kpsa.ca/> 
                 
                 
                 

________________________________

                From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] 
                Sent: January 12, 2006 12:21 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
                
                
                http://www.ISAserver.org
                
                Wouldn't the
                 
                "
                Do NOT configure the client as a Web proxy client.
                 
                UNBIND the Web proxy filter from the HTTP protocol.
                " 
                 
                 affect all traffic passing through my ISA?
                 
                 
                Jonathon J. Howey
                KPSA Compliance Management Inc.
                P 780.409.5620
                F 780.409.5621
                D 780.409.5628
                C 780.965.8363
                Jonathon@xxxxxxx
                 
                Guiding the Future of Transportation
                www.KPSA.ca <http://www.kpsa.ca/> 
                 
                 
                 

________________________________

                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
                Sent: January 12, 2006 12:19 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
                
                
                http://www.ISAserver.org
                
                Hi Jonathon,
                 
                OK, if we're going to play a guessing game, I would do
this:
                 
                Create an SSL Server Publishing Rule
                 
                Create an Acess Rule allowing outbound SSL connections.
                 
                Do NOT configure the client as a Web proxy client.
                 
                UNBIND the Web proxy filter from the HTTP protocol.
                 
                HTH,
                Tom
                 
                Thomas W Shinder, M.D.
                Site: www.isaserver.org <http://www.isaserver.org/> 
                Blog: http://spaces.msn.com/members/drisa/
                Book: http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7> 
                MVP -- ISA Firewalls
                **Who is John Galt?**

                 


________________________________

                        From: Jonathon J. Howey
[mailto:Jonathon@xxxxxxx] 
                        Sent: Thursday, January 12, 2006 1:10 PM
                        To: [ISAserver.org Discussion List]
                        Subject: [isalist] RE: "Failed Connection
Attempt" for SSL-tunnel (443) protocol
                        
                        
                        http://www.ISAserver.org
                        
                        Tom, I'm wondering if I created a Perimeter
network consisting of my internal server and the server I'm trying to
access over 443, if it will work?
                         
                         
                        Jonathon J. Howey
                        KPSA Compliance Management Inc.
                        P 780.409.5620
                        F 780.409.5621
                        D 780.409.5628
                        C 780.965.8363
                        Jonathon@xxxxxxx
                         
                        Guiding the Future of Transportation
                        www.KPSA.ca <http://www.kpsa.ca/> 
                         
                         
                         

                        to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Jonathon@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Jonathon@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: