FW: https through 2 ISA firewall help me please

  • From: "Terzano, Thierry" <Thierry.Terzano@xxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 25 Oct 2002 09:31:51 +0200

Please Help...

Thierry

-----Original Message-----
From: Terzano, Thierry 
Sent: Thursday, 24 October 2002 12:52
To: [ISAserver.org Discussion List]
Subject: [isalist] https through 2 ISA firewall help me please


http://www.ISAserver.org


Hi,

I try since 2 days to reach a web site www.abc.com under https across 2 ISA 
firewall that are in 2 different domains.

I show you my configuration:

I pass the url: https://www.abc.com/titi.htm in a IE.

www.abc.com is known on public dns as an public IP address xxx.yyy.zzz.ttt

My first ISA listens on this address (xxx.yyy.zzz.ttt) via dns name www.abc.com 
AND the certificate installed for securise www.abc.com site is installed as a 
local certificate (imported) on this ISA firewall. It is configured to enable 
SSL port 443 on it, and for this connection, use the certificate previously 
installed on the ISA firewall.

My action on this first ISA is to redirect the request to an internal machine 
(dns name) that is known on my internal DNS server. So it's redirected to the 
internel address aaa.bbb.ccc.ddd but the I keep the original host header and I 
don't bridge SSL (port 443).

The second ISA server is configured to listen on aaa.bbb.ccc.ddd ip address via 
its internal dns name www.abc.com because the same certificate (than the one 
installed on web site and first firewall) is installed on this second ISA.

This second ISA is configured like the first ISA. It listens on the internal 
address and redirect to another internal one on its domain.

Here is theory... but practically, I am not able to have an answer... always 
errors from ISA, so can you please help meeeee (:(

Thierry



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
thierry.terzano@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2002