That's interesting, since FW logs don't list anything as "BLOCKED"; that's an entry only found in the IP.logs. Take a look in the event logs; ISA rarely chokes without crying loudly.. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the books! ----- Original Message ----- From: "Alfonso Lopez de Ayala" <alopezdeayala@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 30, 2002 3:57 PM Subject: [isalist] Re: IP Packet filter needed IN ADDITION TO Web Publishing Rule ??? http://www.ISAserver.org Setup details (btw, this worked yesterday, but doesn't today!): - GOAL: Publish OWA thru SSL (https://server.domain.com/exchange) - ISA & IIS on same box - Incoming listener: * Basic Authentication (only) * Server certificate installed in ISA * Enable SSL listeners (443) checked * Ask unauthenticated users... NOT checked - Web Publishing Rule: * Destination set includes all OWA directories (ExchWeb, Exchange, Public, _AuthChangeUrl, iisadmpwd) * Action: redirect to this internal web server: server.domain.com * Send actual host header... CHECKED * Redirect SSL content as: SSL request (SSL bridging) * Require secure channel SSL * Applies to: any request - IP Packet Filters: none referring to HTTPS or port 443 - Server Publishing Rules: none - IIS configuration * SSL Certificate installed * Security on OWA virtual directories: + Basic Authentication (only) + Require secure channel SSL + Anonymous access NOT checked * SocketPooling DISABLED - NIC binding: first is Internal NIC (in My Network Places > Advanced) Suddenly it stopped working... firewall logs now clearly shows packets to 443 as BLOCKED! No clue as to why. >From LAN OWA works fine. Alfonso -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, September 30, 2002 3:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: IP Packet filter needed IN ADDITION TO Web Publishing Rule ??? http://www.ISAserver.org If IIS is operating on the ISA, you have a choice between web publishing and packet filters. Some details on your setup would help in providing a specific answer... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the books! ----- Original Message ----- From: "Alfonso Lopez de Ayala" <alopezdeayala@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 30, 2002 2:33 PM Subject: [isalist] IP Packet filter needed IN ADDITION TO Web Publishing Rule ??? http://www.ISAserver.org This gets more confusing every day... :) If I have a Web Publishing rule that allows SSL requests to be forwarded to web server... do I ALSO have to have an IP filter that allows HTTPS traffic (port 443)? DO YOU ALWAYS NEED AN ALLOWING "IP PACKET FILTER" IN ADDITION TO ANY "PUBLISHIONG RULE" YOU SET UP??? (OWA suddenly stopped working and the only way to get to it from the Internet is by adding an IP Packet filter allowing "HTTPS Server"!) Alfonso ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alopezdeayala@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')