[isalist] Re: SSL-tunnel - Failed Connection Attempt

http://www.ISAserver.org
-------------------------------------------------------
  
<quote type="extended">
When I go to https://www.apec.acer.com.au/ and log in using my normal
u/p etc I get the following:

The Site is currently down. Please try again soon. Acer SYSOP. 
</quote>

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Tuesday, May 22, 2007 8:51 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL-tunnel - Failed Connection Attempt

http://www.ISAserver.org
-------------------------------------------------------
  
But it's not that site that is giving him trouble. It's the pop up one.
ShopAcer link leads to a normal http page.

"I click the "ShopAcer" link and get a new browser with the following:

The Site is currently down. Please try again soon. Acer SYSOP."



-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Tuesday, May 22, 2007 11:28 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL-tunnel - Failed Connection Attempt

http://www.ISAserver.org
-------------------------------------------------------
  
No, I don't.
<quote>
When I go to https://www.apec.acer.com.au/ 
</quote>

Any URL that uses https:// is by definition SSL-encrypted.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Tuesday, May 22, 2007 8:32 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL-tunnel - Failed Connection Attempt

http://www.ISAserver.org
-------------------------------------------------------
  
You assume that its Https. The initial site is https but the site that
opens when you click Shop Acer is just http. Since he is getting a
webpage from Acer saying that the site is down for maintenance and I'm
not.he's gotta have that maintenance page cached somewhere.

Amy

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Tuesday, May 22, 2007 9:58 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL-tunnel - Failed Connection Attempt

http://www.ISAserver.org
-------------------------------------------------------
  
There can be no caching of SSL Tunneled traffic; ISA can't see it, so
ISA can't cache it.  Never let anyone tell you otherwise.
Regarding the errors, if you get a network capture while making these
tests, you can prove conclusively which entity (site or ISA) is
delivering the content.

NetMon 3 can capture multiple interfaces simultaneously.

Get a capture and we'll see what we see...


-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Tuesday, May 22, 2007 5:07 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL-tunnel - Failed Connection Attempt

http://www.ISAserver.org
-------------------------------------------------------
  
Dave,

The message you are describing is coming from the site itself, not from
ISA. ISA can't display a page that Acer doesn't ask it to. You
definitely have it cached someplace.

Amy

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of David Freeman
Sent: Monday, May 21, 2007 9:33 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL-tunnel - Failed Connection Attempt

http://www.ISAserver.org
-------------------------------------------------------
  
More information needed...

I click the "ShopAcer" link and get a new browser with the following:

The Site is currently down. Please try again soon. Acer SYSOP. 

When I go to https://www.apec.acer.com.au/ and log in using my normal
u/p etc I get the following:

The Site is currently down. Please try again soon. Acer SYSOP. 

When I go to http://www.service.acer.com.au/aarc and log in using my
normal u/p etc I get the following:

The Site is currently down. Please try again soon. Acer SYSOP. 

At the same time, I can go to
https://toolbox.iinet.net.au/cgi-bin/volumegraphs.cgi and log in using
my normal u/p and it works.

I can also access Internet banking sites and other sites that use login
credentials.

I have rebooted the server and it made no difference.

My network is like this:

 - Internet via ADSL to a LinkSYS router (NAT router)
 - an 'external' network that I use to plug in computers I'm repairing
in my workshop
 - ISA/SBS with SBS having dual NIC's into an 'internal' network where
my business workstations live

If I plug a PC into the 'external' network the above things work
normally.

I've tried talking to the folks at Acer and they claim there's no
problems at their end.  Given that I also have no problems when outside
ISA I tend to accept this.

Access to Acer's various sites is pretty much business-critical so I'm
really getting hassled by staff here.  I really don't want to move
workstations on to the 'external' network so I'm trying to understand
what is going on.

I ran a query in ISA while running the above tests and aside from seeing
SSL-tunnel failing to connect I didn't see any denied connections or
errors showing.  My filter was basically for a log record type of
firewall or web proxy filter with a client IP of the workstation I'm
doing the testing on.  I've tested using both IE (v6) and Firefox.  I'm
satisfied that the workstation I'm testing on is working normally but
have also tested with similar results on two other workstations.

Hope that offers a little more information...

David
 

 > -----Original Message-----
 > From: isalist-bounce@xxxxxxxxxxxxx 
 > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
 > Sent: Tuesday, 22 May 2007 10:58 AM
 > To: isalist@xxxxxxxxxxxxx
 > Subject: [isalist] Re: SSL-tunnel - Failed Connection Attempt
 > 
 > http://www.ISAserver.org
 > -------------------------------------------------------
 >   
 > What happens when you click Shop Acer? For me a new window 
 > is launched
 > and it's http, not https. Given this I would be looking 
 > first at browser
 > settings.
 > 
 > Amy
 > 
 > -----Original Message-----
 > From: isalist-bounce@xxxxxxxxxxxxx 
 > [mailto:isalist-bounce@xxxxxxxxxxxxx]
 > On Behalf Of David Freeman
 > Sent: Monday, May 21, 2007 8:32 PM
 > To: isalist@xxxxxxxxxxxxx
 > Subject: [isalist] SSL-tunnel - Failed Connection Attempt
 > 
 > http://www.ISAserver.org
 > -------------------------------------------------------
 >   
 > Hi All
 > 
 > I'm running ISA 2004 on an SBS 2003 (not R2) box.
 > 
 > There haven't been any changes to the server for the past 30 days.
 > 
 > In the past two weeks, a web site that we use stopped working (their
 > end, was offline then came back online).  Since they came back online
 > we've been unable to access the site.
 > 
 > I set up a workstation outside my ISA protected network and 
 > tested - the
 > site will load normally.  It does not load inside the ISA protected
 > network.
 > 
 > I set up a filter for one of my workstations and attempted 
 > to connect to
 > the site.  The only failure I'm seeing is for a port 443 
 > connection.  It
 > identifies the protocol as SSL-tunnel and has an action of "Failed
 > Connection Attempt".  ISA identifies the rule as "SBS Internet Access
 > Rule".
 > 
 > My current "SBS Internet Access Rule" is set to allow HTTP and HTTPS
 > from all protected networks to external networks for SBS 
 > internet users.
 > 
 > There are no problems accessing other sites using HTTPS (including
 > internet banking sites) from ISA protected workstations, only this
 > particular site.
 > 
 > Just been checking with other staff here - the exact same 
 > error can be
 > seen by going to http://www.acer.com.au/ and selecting the "ShopAcer"
 > link on the left hand side (actual site I'd noted the problem with is
 > Acer's wholesale e-commerce site).
 > 
 > Any assistance or ideas on how to proceed very much appreciated.
 > 
 > Aside from adding a couple of rules for Citrix my ISA 2004 is running
 > pretty much vanilla default rules set up as part of the SBS install.
 > 
 > David
 > ------------------------------------------------------
 > List Archives: http://www.freelists.org/archives/isalist/  
 > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
 > ISA Server Articles and Tutorials:
 > http://www.isaserver.org/articles_tutorials/ 
 > ISA Server Blogs: http://blogs.isaserver.org/ 
 > ------------------------------------------------------
 > Visit TechGenix.com for more information about our other sites:
 > http://www.techgenix.com 
 > ------------------------------------------------------
 > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
 > Report abuse to listadmin@xxxxxxxxxxxxx 
 > 
 > 
 > --
 > ExchangeDefender Message Security: Click below to verify authenticity
 > http://www.exchangedefender.com/verify.asp?id=l4M0oh1g001079&;
 > from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
 > 
 > ------------------------------------------------------
 > List Archives: http://www.freelists.org/archives/isalist/  
 > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
 > ISA Server Articles and Tutorials: 
 > http://www.isaserver.org/articles_tutorials/ 
 > ISA Server Blogs: http://blogs.isaserver.org/ 
 > ------------------------------------------------------
 > Visit TechGenix.com for more information about our other sites:
 > http://www.techgenix.com 
 > ------------------------------------------------------
 > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
 > Report abuse to listadmin@xxxxxxxxxxxxx 
 > 
 > 
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


--
ExchangeDefender Message Security: Click below to verify authenticity
http://www.exchangedefender.com/verify.asp?id=l4MBxKhe007624&from=amy@ha
rborcomputerservices.net

------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


--
ExchangeDefender Message Security: Click below to verify authenticity
http://www.exchangedefender.com/verify.asp?id=l4MFNilT028473&from=amy@ha
rborcomputerservices.net

------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


--
ExchangeDefender Message Security: Click below to verify authenticity
http://www.exchangedefender.com/verify.asp?id=l4MFhJLH031103&from=amy@ha
rborcomputerservices.net

------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: