RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol
- From: "Jonathon J. Howey" <Jonathon@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 12 Jan 2006 10:20:18 -0700
I'm told port 443 is bi-directional and port 80 is one-time only.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 10:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443)
protocol
http://www.ISAserver.org
Hi Jonathan,
OK, we really need to know if this is an inbound or outbound access
issue because even starting the discussion.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 10:38 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
It's on a different server than ISA and my other port 80/443
applications that ISA publishes; it talks back and forth to the vendor's
server over port 80/443 but when I monitor in ISA, it gives me the
failed connection attempt error all the time (failing handshake?).
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 9:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Hi Jonathon,
You don't publish servers making primary outbound connections.
That's what access rules are for.
What device is making the primary connection?
Thanks!
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 10:11 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Doesn't anyone know? or do people just hate me
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: January 11, 2006 3:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
bump
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: January 11, 2006 11:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Hi,
I've created a computer object with the destination IP
I'm trying to reach, it's an authentication server for one of our apps,
that communicates over port 80 and 443. I've since created a policy
that allows from my internal network to the destination computer, over
HTTP, HTTPS, and HTTPS Server. I'm getting the error in the subject
when I check the logging, "Failed connection attempt". It is using my
rule.
I've also trying creating a network of just that one IP,
did a secure server publishing rule, for my internal server to that
network. I've tried with SSL Tunneling mode for a Perimeter Network and
an External network, but to no avail. Same error as before. Thanks.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: Jonathon@xxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: Jonathon@xxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Jonathon@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
