RE: Please help before i have no hair left
- From: "Stephen Herrera" <sherrera@xxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 24 Jan 2003 10:51:04 -0800
Thank for the extra info Tom! I just installed the feature release and am
looking at the link translators now. Unfortunately, since I have already
purchased the SSL Certificate using another Site is not an option for me. It
seems that this is some kind of flaw, though. Has anyone that has setup OWA
like you mentioned found a fix for this? With the money the company has used
to purchase the SSL fix I really need to get this working.
Steve
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, January 23, 2003 4:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Please help before i have no hair left
http://www.ISAserver.org
Hi Steve,
Sounds similar to the old OWA problem. The client established an SSL
connection with the Incoming Web Requests listener, but then the OWA
site returned links that were HTTP. That didn't work since the user
needed to connect to the Incoming Web Requests listener via HTTPS, not
HTTP. You might want to investigate the Link Translator included in the
Feature Pack 1 and see if that will help, or better, fix your app so
that they establish an SSL connection from the start and don't bounce
between secure and insecure.
HTH,
Tom
www.isaserver.org/shinder
-----Original Message-----
From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx]
Sent: Thursday, January 23, 2003 4:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Please help before i have no hair left
http://www.ISAserver.org
I am installing WebDemo on a web server in my DMZ. I have a back to back
ISA
environment. The website for WebDemo is accessed on port 80 and the
website
passes you to port 443 for the application when you start it.
For my LAN I have made a DNS entry that points to the internal IP of the
web
server when LAN clients go to www.myapp.com so they go straight to the
server. I have a port listener on the web server and can see port 80
being
hit when they view the website and then port 443 when the use the
application.
For outside clients I have followed the "Configuring SSL Bridging"
tutorial
to setup the web server and publish the website. I have made sure that
when
I ping www.myapp.com from the external ISA server the internal IP is
returned. When I try from the outside I see port 80 being hit when I
access
the website but the pass to port 443 never happens.
On the ISA server packet filter logs I see the external client
requesting
port 443 and I see the publish IP passing traffic back to external
client
but the traffic never gets to the web server.
To test to make sure I have the SSL setup correctly I have stopped the
services of the application so they would not use port 443 and changed
the
properties of the website to only accept SSL. When I do this I am able
to
access the website both from the outside and from the inside so I know
it is
setup correctly. I don't know why ISA will not the website pass the
client
off to the application on 443. Also, I can run the app from the outside
firewall itself. Any thoughts on this?
steve
Other related posts:
