You appear to have changed the ISA policies prior to gathering the ISAInfo, as none of them require SSL and the site now behaves "normally". You also have another problem. NEVER make Microsoft-owned bits available from your web site. Please relocate them to some non-publicly-available place on your file server. All of the web sites are using the same listener (OWA), which is configured to listen on all external IPs. You should change this to be IP-specific. No need to listen on IPs that shouldn't handle traffic. Ideally, you want to split the OWA from the "public" rules, as OWA *should* be SSL-limited. From the looks of your ipconfig data, you're sitting behind some NAT "router". Based on some judicious nslookups, it also appears that you have a single IP address for your sites. If this is the case, you'll find it difficult to satisfy the need for securing the OWA site against the "public" sites. As a final piece of advice, lose the "Unrestricted Internet access" rule. Since it exists and is listed first, your ISA will allow anything that wants to pass to the Internet. Based on this policy entry alone, I'd be tempted to blacklist your IP. All outbound rules should be either user/group- or client-IP-based or (ideally) both. There is NO need for an "allow all" rule on your production ISA server; ever. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, November 29, 2004 10:59 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL problem http://www.ISAserver.org Hi Jim, I tried to attach the info file to my previous message but since there is a 97k limit it didn't go through. Anyhow I put it up on www.leathalproductions.com/temp so simply right click and select "save as". SSL is turned off for the time being on that site. Also just to let you know someone else setup ISA 2004, personally I have been thinking of redoing it from scratch because it looks messy to me. (shrug) Regards, Andrew -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, November 29, 2004 1:06 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL problem http://www.ISAserver.org First, this doesn't happen for the whole site, just specific URLs. This indicates that you have multiple web publishing rules for this site, at least one of which is requiring SSL-only connections. For instance: https://www.leathalproductions.com/crash/knee/kneepics.htm produces the HTTPS-only response from your ISA, but modifying the URL to use HTTPS only results in a 10060 error, indicating that your ISA is not listening on TCP-443. Network Access Message: The page cannot be displayed Technical Information (for Support personnel) Error Code: 504 Proxy Timeout. The connection timed out. For more information about this event, see ISA Server Help. (10060) IP Address: 66.11.182.215 Date: 11/29/2004 5:55:27 PM Without seeing the details of your web publishing rules, it's impossible to say where exactly the problem is, but I'll bet Steve's next bad joke that at least one of your web publishing rules is requiring SSL and you failed to properly create an SSL listener. If you're willing to provide your ISAInfo (http://isatools.org/isainfo/isainfo.zip), we can better direct you. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, November 29, 2004 9:21 AM To: [ISAserver.org Discussion List] Subject: [isalist] SSL problem http://www.ISAserver.org I am having problem with ISA 2004 and SSL. I have installed and tested on my local LAN which doesn't proxy through ISA 2004 my SSL cert on www.leathalproductions.com which locally I am told this page is SSL and requires https:// to access it. However when I access the same site from the outside ISA seems to be translating it to HTTP which has left me totally baffled!? Andrew ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.