ISA Chaining Problems
- From: "Gary Williams" <gary.williams@xxxxxxxxxxxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Wed, 1 May 2002 07:57:52 -0600
Hi there,
I am setting up a chained ISA config. Basically I have a Integrated Mode
server on my internal LAN and another Integrated Mode server on my DMZ.
We have a CheckPoint Firewall 1 firewall so are using ISA primarily for
cacheing. IP address of LAN ISA is 172.9.12.234, IP address of DMZ ISA is
192.168.0.220.
Have configured ISA server on LAN to chain to ISA server on DMZ. Server on
DMZ then has access to Internet.
All works fine for HTTP web browsing and FTP via browser, but I'm having
problems with HTTPS in the browser and FTP from command prompt (via the
Firewall Client).
When accessing HTTPS pages I get 'The page cannot be displayed', and I see
following in ISA Web log:
172.9.13.10 MILLERINS\GW01477C Mozilla/4.0 (compatible; MSIE 5.5;
Windows
NT
5.0) 2002-05-01 14:28:55 MIGISATEST - 192.168.0.220
192.168.0.220 8080 - 200 2669 SSL-tunnel -
www.equitalk.co.uk:443 Upstream 995
Firewall chaining is configured, but on my test PC which has the Firewall
Client installed, when I try to access say ftp.compaq.com from a command
prompt (using FW client) I get a 'connection refused' error? When I look
in the firewall log on the LAN ISA server, I see the following message
which looks like the external address is being returned to the client,
rather than forwarding the request on to the DMZ ISA server (IP address
192.168.0.220)?
172.9.13.10 gw01477c ftp.exe:3:5.0 Y 2002-05-01
13:50:53 MIGISATEST ftp.compaq.com 161.114.1.254 - 320
- - - - GHBN 0 7 0
172.9.13.10 gw01477c ftp.exe:3:5.0 Y 2002-05-01
13:50:54 MIGISATEST - 161.114.1.254 21 1001 -
- 21 TCP Connect 10061 7 47
Any ideas what could be wrong anyone?
Thanks in advance,
Gary.
Other related posts:
