ISA 2004SE & Aventail SSL VPN
- From: "Paul Crisp" <PCrisp@xxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 20 Mar 2006 14:05:21 -0000
Hi all,
Having an aventail box installed today and so far I have created a web
publishing rule using SSL and all is working ok. I now have a problem in
terms of one of the clients on the Aventail system, its called the
OnDemand Agent.
Basically internally any machine that accesses the Aventail box, the
OnDemand Agent works fine. Externally however is where the problems
occur. I have monitored the traffic coming through the ISA and when the
Agent fails to load the following lines appear in the ISA logs:
Log Time Destination IP Destination Port Protocol
Action Rule Client IP Client Username Source Network
Destination Network HTTP Method URL Original Client IP
Client Agent Authenticated Client Service Server Name
Referring Server Destination Host Name Transport MIME
Type Object Source Source Proxy Destination Proxy
Bidirectional Client Host Name Filter Information Network
Interface Raw IP Header Raw Payload Source Port
Processing Time Bytes Sent Bytes Received Result Code HTTP
Status Code Cache Information Error Information Log
Record Type
3/20/2006 2:01:53 PM <secondary firewall external IP> 443
HTTPS Denied Connection 139.92.218.116 External
Local Host - - 139.92.218.116
<firewall name> - TCP -
No - <primary firewall external IP> 45 00 00 28 65
60 00 00 79 06 18 b5 8b 5c da 74 c3 9d 9a 4c 08 92 01 bb ee ad d8 ab
ee ad d8 ab 50 04 00 00 53 25 00 00 2194 0 0 0
0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 0x0
Firewall
Sorry if above is a bit messy. To explain my setup, my external network
card has multiple external IP addresses, but I am only publishing on one
of the external IP's.
If anyone can give me any clues, your help is much appreciated
Thanks
Paul Crisp
Snr Network Support Analyst
Other related posts:
