RE: HTTPS, Published Web Site, Firewall / Proxy Client

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Nov 2005 09:42:04 -0600

Hi Paul,
 
VIOLATION of ISA FIREWALL LAW #1:
 
Do NOT loop back through the ISA firewall to access local resources.
 
ANS:
Direct Access
 
HTH,
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls
**Who is John Galt?**

 


________________________________

        From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx] 
        Sent: Wednesday, November 02, 2005 9:43 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] HTTPS, Published Web Site, Firewall / Proxy
Client
        
        
        http://www.ISAserver.org
        

        Hi all,

        OK got a slight situation here. Running ISA 2004 and have got
web sites published using port 80 and port 443 and from the outside
world all is accessible and working fine. A secure certificate is placed
on the ISA box on the listener and on the Web Server box and as I say
all is working fine from the outside world.

        Today an internal person tried to access the published secure
website and the error 502 Proxy Error: 12202 error appears.

        The internal persons machine is configured as a Firewall and
Proxy client and when we switch these settings to point to another ISA
box in another location, they can access the site without a problem. It
appears that if a client is sitting behind the original ISA box, then it
doesn't work and the error is produced.

        If I trace the web server I am correctly issued the external IP
address of the ISA box, so traffic is effectively going out of the ISA
box and then coming back in to the same box.

        Any clues where to look?

        Regards


        Paul Crisp

        Snr Network Support Analyst

        

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 11-2005