RE: Problem with outbound connection to secure site

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 18 Feb 2003 21:01:58 -0600

Hi Bill,

Are they using an alternate port for SSL? Try bypassing the Web Proxy
service by using Direct Access to see if it's a problem with the Java
app. 

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Mayo, Bill [mailto:bemayo@xxxxxxxxxxxxx] 
Sent: Tuesday, February 18, 2003 2:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problem with outbound connection to secure site



Dr. Shinder,

Thanks very much for the response.  I have logging turned on, and all
the rules that show up (including the lines that have a 12209 or 995
sc-status) are allow rules.  I have also noted that I had some sc-status
returns of 64 as well (failed to mention that in previous email).
Although it appears other places in the log, I am suspicious of the
anonymous access lines interspersed in the session.  Further refinement
shows that the 12209 errors are all on lines where the cs-username shows
"anonymous".  I am at a loss as to why certain lines here show anonymous
authentication.

I have just spoken with the people hosting the site.  The information
they provide is that the site is using SQL Server for a database, and
that the program is Java (from all appearances, server-based).  The
pages all have an extension of ".do", if that means anything to anyone.

I also tried doing a packet trace from the server, but could not discern
anything particularly meaningful (presumably because the packets are all
encrypted due to SSL).

Any further comments or pointers graciously accepted!
~~~~~~~~~~
Bill Mayo
Network Administrator
Pitt County MIS 

-----Original Message-----
Subject: RE: Problem with outbound connection to secure site
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
Date: Fri, 14 Feb 2003 11:50:40 -0600
X-Message-Number: 18

Hi Bill,

Turn on all fields in the Web Proxy log

Go to the sites in question

Check the Web Proxy logs for Rule#1 and Rule#2 to determine the rules
blocking the requests

Remember that ISA Server can't see what's in the SSL tunnel, so if
you're blocking subdirs or content, then the entire site will be
whacked.

HTH,
Tom
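
The log check discussed in this thread (turn on all Web Proxy log fields, then read sc-status, cs-username, Rule#1 and Rule#2 together), as an added example that is not part of the original messages. It assumes the log is saved in W3C extended format with a tab-separated "#Fields:" header and columns named as shown; the sample lines, host, user and rule names are constructed, and treating only 200 as success is an assumption.

```python
from collections import Counter

# Constructed sample: W3C extended log, tab-separated, "#Fields:" header.
# Host, user and rule names are made up; status values are those in the thread.
SAMPLE_LOG = "\n".join([
    "#Date: 2003-02-18 19:30:00",
    "#Fields: c-ip\tcs-username\tr-host\tr-port\tsc-status\trule#1\trule#2",
    "10.0.0.5\tCORP\\user1\tapp.example.test\t443\t200\tAllow Outbound\tAllow All Sites",
    "10.0.0.5\tanonymous\tapp.example.test\t443\t12209\tAllow Outbound\tAllow All Sites",
    "10.0.0.5\tCORP\\user1\tapp.example.test\t443\t995\tAllow Outbound\tAllow All Sites",
    "10.0.0.5\tanonymous\tapp.example.test\t443\t12209\tAllow Outbound\tAllow All Sites",
    "10.0.0.5\tCORP\\user1\tapp.example.test\t443\t64\tAllow Outbound\tAllow All Sites",
])

def parse_w3c(text):
    """Return one dict per record, keyed by the names in the #Fields directive."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no records
        elif fields is None:
            raise ValueError("record seen before #Fields directive")
        else:
            values = line.split("\t")
            if len(values) != len(fields):
                raise ValueError(f"field count mismatch: {line!r}")
            rows.append(dict(zip(fields, values)))
    return rows

def failures_by_user(rows, ok=("200",)):
    """Count (sc-status, cs-username) pairs for every non-success record."""
    return Counter((r["sc-status"], r["cs-username"].lower())
                   for r in rows if r["sc-status"] not in ok)

def rules_on_failures(rows, ok=("200",)):
    """Distinct (rule#1, rule#2) pairs recorded on non-success records."""
    return {(r["rule#1"], r["rule#2"]) for r in rows if r["sc-status"] not in ok}

if __name__ == "__main__":
    rows = parse_w3c(SAMPLE_LOG)
    for (status, user), n in sorted(failures_by_user(rows).items()):
        print(f"sc-status={status:<6} cs-username={user:<12} count={n}")
    print("rules on failing lines:", rules_on_failures(rows))
```
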
