[isalist] Re: SSL-tunnel - Failed Connection Attempt

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 21 May 2007 17:41:46 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
Can you clarify "..exact same error.." for the shopacer site?  
How does a non-SSL site relate to an SSL tunnel problem?

Unfortunately, all SSL tunnels will be logged as "failed" connections;
typically with one of two result-codes:
64  (The specified network name is no longer available)
995 (The I/O operation has been aborted because of either a thread exit
or an application request.)

This is because ISA only knows two things about an SSL tunnel:
1. the connections are (not) closed
2. bits are (not) flowing through the tunnel

Because ISA cannot monitor the application-layer for this traffic, it
has no way to "predict" session closure and thus when the client or
server end closes the connection, it always comes as a surprise.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of David Freeman
Sent: Monday, May 21, 2007 5:32 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] SSL-tunnel - Failed Connection Attempt

Hi All

I'm running ISA 2004 on an SBS 2003 (not R2) box.

There haven't been any changes to the server for the past 30 days.

In the past two weeks, a web site that we use stopped working (their
end, was offline then came back online).  Since they came back online
we've been unable to access the site.

I set up a workstation outside my ISA protected network and tested - the
site will load normally.  It does not load inside the ISA protected
network.

I set up a filter for one of my workstations and attempted to connect to
the site.  The only failure I'm seeing is for a port 443 connection.  It
identifies the protocol as SSL-tunnel and has an action of "Failed
Connection Attempt".  ISA identifies the rule as "SBS Internet Access
Rule".

My current "SBS Internet Access Rule" is set to allow HTTP and HTTPS
from all protected networks to external networks for SBS internet users.

There are no problems accessing other sites using HTTPS (including
internet banking sites) from ISA protected workstations, only this
particular site.

Just been checking with other staff here - the exact same error can be
seen by going to http://www.acer.com.au/ and selecting the "ShopAcer"
link on the left hand side (actual site I'd noted the problem with is
Acer's wholesale e-commerce site).

Any assistance or ideas on how to proceed very much appreciated.

Aside from adding a couple of rules for Citrix my ISA 2004 is running
pretty much vanilla default rules set up as part of the SBS install.

David
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.
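
Added example (not part of either message, and not ISA Server's own tooling): a small Python triage of firewall log records that applies the reply's point. Result codes 64 and 995 on SSL-tunnel entries are treated as ordinary tunnel closure, and only entries with another code or with no data returned are surfaced. The tab-separated layout, field names, host names and sample records are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Result codes the reply lists as typical for any closed SSL tunnel.
EXPECTED_CLOSE_CODES = {64, 995}

# Assumed column layout; map these names to your own log export.
FIELDS = ["time", "client", "dest_host", "dest_port", "protocol",
          "action", "result_code", "bytes_sent", "bytes_received"]

# Constructed sample records, not real log data.
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("10:01:07", "192.168.16.20", "bank.example", "443", "SSL-tunnel",
     "Failed Connection Attempt", "995", "1840", "22512"),
    ("10:01:09", "192.168.16.20", "bank.example", "443", "SSL-tunnel",
     "Failed Connection Attempt", "64", "912", "4410"),
    ("10:02:31", "192.168.16.20", "shop.example", "443", "SSL-tunnel",
     "Failed Connection Attempt", "64", "118", "0"),
    # 10060 is the Winsock "connection timed out" code.
    ("10:02:40", "192.168.16.20", "shop.example", "443", "SSL-tunnel",
     "Failed Connection Attempt", "10060", "0", "0"),
    ("10:03:02", "192.168.16.20", "www.example", "80", "HTTP",
     "Allowed Connection", "0", "530", "9021"),
])

def classify(rec):
    """Return a verdict for an SSL-tunnel record, or None for other traffic."""
    if rec["protocol"] != "SSL-tunnel":
        return None
    if int(rec["result_code"]) not in EXPECTED_CLOSE_CODES:
        return "unexpected-code"        # not one of the two usual codes
    if int(rec["bytes_received"]) == 0:
        return "closed-without-data"    # tunnel closed, nothing came back
    return "normal-close"               # logged as failed, but data flowed

def triage(log_text):
    """Count verdicts per destination host."""
    per_host = defaultdict(Counter)
    reader = csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS,
                            delimiter="\t")
    for rec in reader:
        verdict = classify(rec)
        if verdict:
            per_host[rec["dest_host"]][verdict] += 1
    return per_host

def hosts_to_investigate(log_text):
    """Hosts with at least one SSL-tunnel entry that is not a normal close."""
    return sorted(h for h, c in triage(log_text).items()
                  if c["unexpected-code"] or c["closed-without-data"])

if __name__ == "__main__":
    for host, counts in sorted(triage(SAMPLE_LOG).items()):
        print(host, dict(counts))
```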
