Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 19 Jun 2002 09:34:43 -0700

Interesting...
You should write an article on this  ;-)

..but on the subject of the FW client errors; that's usually name resolution
failure getting in the way (just a note for later).

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: <Jorgen.Bruun@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, June 18, 2002 10:40 PM
Subject: [isalist] Re: SSL problems on ISA server installed as Proxy & Cache
for controlling Internet access


http://www.ISAserver.org


My thoughts precisely. Tried that, but the application told me that it "the
server is not an ISA server" and "the server is down"
Didn't particularly like that. And there isn't that much one can fiddle with
in the FW client.
Also if I have to deploy the FW client, it just adds work.
So, I concentrated on fixing the Dexia application. Actually, it turned out
that enabling the option "Use HTTP 1.1 through proxy connections" in the
advanced section of IE setup, fixed the problem completely. Thus I can
reenable security on my Proxy again.

;-) Jorgen

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 18. June 2002 14:46
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SSL problems on ISA server installed as Proxy &
Cache for controlling Internet access


http://www.ISAserver.org


Another option may be to use the FW client; it should intercept the Winsock
call that the app seems to be making.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: <Jorgen.Bruun@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Cc: <jim@xxxxxxxxxxxx>
Sent: Tuesday, June 18, 2002 4:33 AM
Subject: [isalist] Re: SSL problems on ISA server installed as Proxy & Cache
for controlling Internet access


http://www.ISAserver.org


Hi Jim,

Yes - I do have ISA SP1 installed.
It seems pretty obvious to me, that the problem must exist somewhere within
ISA.
Because sitting at the server itself, which is not configured to use itself
as a proxy, I have no problems at all.

... aha! Your question raised a flag!

If 12209 is an authentication failure, then it seems that the downloaded
application is trying to access the Internet using an anonymous account. I
verified this by looking at the log once again. (I had no idea what the
"sc-status" field was for until you mentioned that the 12209 entry indicated
authentication problems... :-< ) So, it seems, that once the SSL part is
concluded, a new http session is initiated as user "anonymous". This is
where everything failed.

On my server, I have setup the default "Internet Access" policy in Access
Policy to only give access to users that are members of a certain group.
However, it seems that the applet from Dexia Bank (or whatever it is called)
tries to do it's own connection to the Proxy server - as ANONYMOUS.

By changing the access Policy rule to apply to all users (even users that
are not authenticated) the problem disappeared.

However, as you can imagine this is NOT a viable solution - just a temporary
workaround.
So no matter what, the ISA is doing it's job, and instead I should
concentrate on fiddling with the Dexia application instead - if at all
possible. Unless you have any workaround for this kind of application
behaviour.

Anyway, thanks to your invaluable feedback.

Kind Regards,

Jorgen Bruun
Nordea Bank S.A.
Luxembourg


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 17. June 2002 18:08
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SSL problems on ISA server installed as Proxy &
Cache for controlling Internet access


http://www.ISAserver.org


Hi Jorgen,

    No, you can't run ASP on a client; it's strictly server-side code.
    From your logs, I'd say that you're having trouble with user
authentication; many of the pages are getting refused with "403" and
"12209", both of which are authentication failures.
    Do you have ISA SP1 installed?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Jorgen Bruun" <jorgen.bruun@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, June 17, 2002 6:53 AM
Subject: [isalist] Re: SSL problems on ISA server installed as Proxy & Cache
for controlling Internet access


http://www.ISAserver.org


OK point taken..
I have tried again, and this time all the info in the log is included.

I must admit, I am not aware, that the localhost is being accessed for
anything. Again, excuse my ignorance, but is it possible to execute .ASP
scripts on my localhost (i.e. the client)? Anyway, I can only show you
logs from our own ISA server when clients try to connect to the dexia
site. And this is as shown below.

I do not have any logs I can look at when succesfully accessing the site
from the server itself. Unless you have any suggestions..

:-) Jorgen



----------------------------------------------------------------------------
-

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 403 - - GET
http://www.dexia.lu/webquotes/index.asp?lang=en&menu=ONL&pagedef=ACCCLI&href
=htm/acces_client.asp?lang=en - 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 499 - - GET
http://www.dexia.lu/webquotes/index.asp?lang=en&menu=ONL&pagedef=ACCCLI&href
=htm/acces_client.asp?lang=en - 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 140 643 1483 http GET
http://www.dexia.lu/webquotes/index.asp?lang=en&menu=ONL&pagedef=ACCCLI&href
=htm/acces_client.asp?lang=en Inet 200

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 591 - - GET
http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=haut - 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - 16 636 - - GET
http://www.dexia.lu/webquotes/index2.asp?lang=en&menu=onl&pagedef=acccli&hre
f=htm/acces_client.asp?lang=en - 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 687 - - GET
http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=haut - 0

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 732 - - GET
http://www.dexia.lu/webquotes/index2.asp?lang=en&menu=onl&pagedef=acccli&hre
f=htm/acces_client.asp?lang=en - 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 234 876 646 http GET
http://www.dexia.lu/webquotes/index2.asp?lang=en&menu=onl&pagedef=acccli&hre
f=htm/acces_client.asp?lang=en Inet 200

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 606 - - GET
http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=onl&pagedef=acccli
- 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 702 - - GET
http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=onl&pagedef=acccli
- 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 359 831 10343 http GET
http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=haut Inet 200

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 455 - - GET
http://www.dexia.lu/img/L5/L5_v1_topimg_mncon.jpg - 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 551 - - GET
http://www.dexia.lu/img/L5/L5_v1_topimg_mncon.jpg - 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 695 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topimg_mncon.jpg NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 78 589 183 http GET
http://www.dexia.lu/webquotes/htm/acces_client.asp?lang=en Inet 302

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 450 - - GET
http://www.dexia.lu/img/L5/L5_v1_logo_bg.gif - 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 546 - - GET
http://www.dexia.lu/img/L5/L5_v1_logo_bg.gif - 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 690 153 http GET
http://www.dexia.lu/img/L5/L5_v1_logo_bg.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 451 153 http GET
http://www.dexia.lu/img/L5/L5_v1_logo_off.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 453 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topimg_onl.jpg NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 454 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topimg_plus.jpg NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 453 846 21501 http GET
http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=onl&pagedef=acccli
Inet 200

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 453 - - GET
http://www.dexia.lu/img/L5/L5_v1_topimg_mar.jpg - 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - - - - - 549 - - GET
http://www.dexia.lu/img/L5/L5_v1_topimg_mar.jpg - 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 693 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topimg_mar.jpg NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 454 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topimg_sent.jpg NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 454 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topimg_spar.jpg NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 450 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topr_bg.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 449 153 http GET
http://www.dexia.lu/img/L5/L5_v1_search.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 448 153 http GET
http://www.dexia.lu/img/L5/L5_v1_tab_m.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 447 153 http GET
http://www.dexia.lu/img/L5/L5_v1_shim.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 450 153 http GET
http://www.dexia.lu/img/L5/L5_v1_logo_on.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 468 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topmenu_onl.jpg NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 461 153 http GET
http://www.dexia.lu/img/L5/L5_v1_shim.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 469 153 http GET
http://www.dexia.lu/img/L5/L5_en_bottom_menu1.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 453 153 http GET
http://www.dexia.lu/img/L5/L5_v1_topimg_inv.jpg NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 469 153 http GET
http://www.dexia.lu/img/L5/L5_en_bottom_menu2.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 448 153 http GET
http://www.dexia.lu/img/L5/L5_v1_ong_m.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 460 153 http GET
http://www.dexia.lu/img/L5/acces_client/acces_prem.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 449 153 http GET
http://www.dexia.lu/img/L5/L5_v1_tab_l1.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 445 153 http GET
http://www.dexia.lu/img/L5/L5_v1_at.gif NotModified 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 422 592 10203 http GET
http://www.dexia.lu/webquotes/htm/acces_client_lu.asp?lang=en Inet 200

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia.lu - 80 - 452 153 http GET
http://www.dexia.lu/img/L5/communs/getacro.gif NotModified 0

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 690 3169 SSL-tunnel -
www.dexia-bil.lu:443 Inet 995

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 627 425 SSL-tunnel -
www.dexia-bil.lu:443 Inet 64

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 668 284 SSL-tunnel -
www.dexia-bil.lu:443 Inet 995

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 689 343 SSL-tunnel -
www.dexia-bil.lu:443 Inet 64

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 629 284 SSL-tunnel -
www.dexia-bil.lu:443 Inet 995

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 572 284 SSL-tunnel -
www.dexia-bil.lu:443 Inet 64

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 530 325 SSL-tunnel -
www.dexia-bil.lu:443 Inet 64

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 663 343 SSL-tunnel -
www.dexia-bil.lu:443 Inet 64

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 601 284 SSL-tunnel -
www.dexia-bil.lu:443 Inet 64

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel -
www.dexia-bil.lu:443 Inet 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT
4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 471 2618 SSL-tunnel -
www.dexia-bil.lu:443 Inet 995

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - - - - - 311 - - GET
http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit
- 12209

10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - - - - - 407 - - GET
http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit
- 0

10.54.33.36 anonymous tryCodeBase PROXYSRV1 - - - - - 185 - - GET
http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit
- 12209

10.54.33.36 anonymous tryCodeBase PROXYSRV1 - - - - - 281 - - GET
http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit
- 0

10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.0;
Win32) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 80 109 551 1697 http GET
http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit
Inet 200

----------------------------------------------------------------------------
-




> I was able to connect and download all the applets without any problem,
> although it did stop at http://127.0.0.1:33251/ETS/start.asp?lang=en with
a
> proxy error (no great surprise there).  Why are you (they) trying to
access
> the localhost for an ASP page?
>
> Those log snips are snipped a little hard; can you send some actual lines?
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/authors/harrison/
> Read the books!
> ----- Original Message -----
> From: "Jorgen Bruun" <jorgen.bruun@xxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, June 17, 2002 3:32 AM
> Subject: [isalist] SSL problems on ISA server installed as Proxy & Cache
for
> controlling Internet access
>
>
> http://www.ISAserver.org
>
>
> Hi,
>
> I have just had my first experience with MS ISA server. Overall, this has
> been positive, but I have started to notice problems.
>
> The server is only being used for giving internal users access to the
> Internet. Dedicated HW is being used as Firewall (Cisco PIX + Nokia
> Firewalls), which is why the firewall feature in ISA is not being used.
>
> The server itself is sitting on the same network segment as all the
> clients, and browsers are setup to use the proxy through the default port
> 8080. No autoconfiguration is enabled on the clients as we are still doing
> tests. The ISA server has the firewall Hardware as default Gateway
>
>
> My problem:
> When internal clients try to connect to a specific Internet site (Please
> feel free and try the link yourselves and see if you have the same
> problem), a java application is downloaded and activated, and this then
> tries to retrieve files from the Internet. This process times-out after
> about five minutes with the following message:
>

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jorgen.bruun@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jorgen.bruun@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » SSL problems on ISA server installed as Proxy & Cache for controlling Internet access
• » Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access
• » Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access
• » Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access
• » Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access
• » Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access
• » Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access
• » Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access

1. Home
2. isalist
3. Archive
4. 06-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---