[isalist] Re: Anyone with experience getting F5 Network's Firepass to work through ISA 2004

  • From: "Chris Addicks" <caddicks@xxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 9 Aug 2007 11:07:38 -0400

Thanks for the responses.

I do think they are using source-IP validation, and I have tried to make
them understand it may be part of the problem.

I didn't really think that the problem was with the ISA firewall, but
was wondering if anyone else had run into it.  The problem comes and
goes, and I continue to work with the state's IT staff.  I think it is
their firewall, but can't prove it to them yet.

Thanks again.

Chris

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, August 08, 2007 9:16 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Anyone with experience getting F5 Network's
Firepass to work through ISA 2004

Ask if they use source-IP to validate the user connection.

Many banking sites still do this, even though it's invalid.

Because the connection uses an SSL tunnel through ISA, all ISA knows is
that the connection is made & broken.

You'll have to work with them live to sort this out.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Chris Addicks
Sent: Tuesday, August 07, 2007 11:23 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Anyone with experience getting F5 Network's Firepass
to work through ISA 2004

I have internal clients that need to access the state of Georgia's
secure site via an SSL-VPN.  The state has chosen to use F5 Network's
Firepass product to create an SSL-VPN.  The tunnel seems to be created
OK, but communication with the host via the tunnel is very
inconsistent.  I have been trying to work with the state's support
personnel and they have tried to help, but so far we have had very poor
results.

At this point, I don't know if the problem is on their end or mine.  I
created a rule allowing HTTP and HTTPS from my internal network to their
specific hosts, with all users allowed.  The logs indicate the tunnel is
established, but it is closed almost immediately.  I have attached a
sample of the log; all this activity is from a single internal client
computer trying to establish and use the SSL-VPN.

Anyone else working with Firepass and having success?

Chris
