You need to allow 1139 as an SSL port:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q283284

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

----- Original Message -----
From: Colter Bowman
To: [ISAserver.org Discussion List]
Sent: Tuesday, December 04, 2001 09:15
Subject: [isalist] E-Commerce Using Web Publishing on ISA

http://www.ISAserver.org

To All,

I have a network set up with one ISA Server Stand Alone, using SecureNAT for the internal clients. I have a SQL 2000 Server internally as well as a Windows 2000 Adv Server for my Webserver. I have multiple sites published from the internal server with no problems; everything that is static seems to work fine. I have websites that work in conjunction with the database server that function correctly.

I have now run into an error that prevents me from having any kind of e-commerce website on my internal machine. When processing e-commerce, as you may know, you will need to communicate through SSL as well as send data to your credit card authorization company. I have put this box completely on the outside and it seems to work fine; it's when I bring it inside that I have errors. I need to have this on the inside for protection and security.

The only other port that I will be using is port 1139. In all I will be using ports 80, 443, and 1139. I cannot get 1139 to run or process, which then stops me in my tracks when trying to place an order on the website. I have a firewall client on this machine as well, but am unsure how to make a custom IP bind since the e-commerce tag is a .dll and not an application. Should I use the firewall client at all to publish this 1139 port? If I have multiple scenarios, IP packet filters and protocol rules, can they conflict?

Scenarios I have tried for the internal webserver to work with the outside authorization:

Server Properties - Outgoing Web Requests, use the same listener configuration for all internal IP addresses, TCP port 8080, SSL port 8443, checked enable SSL listeners

Server Publishing - publish 1139 protocol rule, using external NIC of ISA Server, points to the internal address of the webserver, any request

Internal Web Requests - use the same listener configuration for all internal IP addresses, TCP port 80, SSL port 443, checked enable SSL listeners

Protocol Rule - Scope is Array, Protocol 1139 with inbound as the primary connection, applies to any request

IP Packet Filter - Custom Filter, 1139 fixed, both directions, any remote computer

Would I be better off trying to allow full rights to my credit card authorization company domain, and give them complete rights? Would that resolve this issue? If so, how do I give all rights to a domain?

Would I be better off putting this on a DMZ? Would that prove any different? If so, what is the best scenario?

ISA Server - Live IP 66.5.4.3
Internal IP, 192.168.1.1
DMZ, 66.5.4.2
Webserver, 66.5.4.8

Then should I make the IP of the external box 66.5.4.8 so it can make it to the outside world?

I am open to any options or ideas anyone has so I can get this port to work correctly. I have 3 NIC cards in the ISA box now, so to use a DMZ would not be hard. Any ideas would be greatly appreciated. Are there any more questions?

Thanks in advance,
Colter