Interesting... You should write an article on this ;-) ..but on the subject of the FW client errors; that's usually name resolution failure getting in the way (just a note for later). Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: <Jorgen.Bruun@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, June 18, 2002 10:40 PM Subject: [isalist] Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access http://www.ISAserver.org My thoughts precisely. Tried that, but the application told me that it "the server is not an ISA server" and "the server is down" Didn't particularly like that. And there isn't that much one can fiddle with in the FW client. Also if I have to deploy the FW client, it just adds work. So, I concentrated on fixing the Dexia application. Actually, it turned out that enabling the option "Use HTTP 1.1 through proxy connections" in the advanced section of IE setup, fixed the problem completely. Thus I can reenable security on my Proxy again. ;-) Jorgen -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 18. June 2002 14:46 To: [ISAserver.org Discussion List] Subject: [isalist] Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access http://www.ISAserver.org Another option may be to use the FW client; it should intercept the Winsock call that the app seems to be making. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: <Jorgen.Bruun@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Cc: <jim@xxxxxxxxxxxx> Sent: Tuesday, June 18, 2002 4:33 AM Subject: [isalist] Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access http://www.ISAserver.org Hi Jim, Yes - I do have ISA SP1 installed. It seems pretty obvious to me, that the problem must exist somewhere within ISA. Because sitting at the server itself, which is not configured to use itself as a proxy, I have no problems at all. ... aha! Your question raised a flag! If 12209 is an authentication failure, then it seems that the downloaded application is trying to access the Internet using an anonymous account. I verified this by looking at the log once again. (I had no idea what the "sc-status" field was for until you mentioned that the 12209 entry indicated authentication problems... :-< ) So, it seems, that once the SSL part is concluded, a new http session is initiated as user "anonymous". This is where everything failed. On my server, I have setup the default "Internet Access" policy in Access Policy to only give access to users that are members of a certain group. However, it seems that the applet from Dexia Bank (or whatever it is called) tries to do it's own connection to the Proxy server - as ANONYMOUS. By changing the access Policy rule to apply to all users (even users that are not authenticated) the problem disappeared. However, as you can imagine this is NOT a viable solution - just a temporary workaround. So no matter what, the ISA is doing it's job, and instead I should concentrate on fiddling with the Dexia application instead - if at all possible. Unless you have any workaround for this kind of application behaviour. Anyway, thanks to your invaluable feedback. Kind Regards, Jorgen Bruun Nordea Bank S.A. Luxembourg -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 17. June 2002 18:08 To: [ISAserver.org Discussion List] Subject: [isalist] Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access http://www.ISAserver.org Hi Jorgen, No, you can't run ASP on a client; it's strictly server-side code. From your logs, I'd say that you're having trouble with user authentication; many of the pages are getting refused with "403" and "12209", both of which are authentication failures. Do you have ISA SP1 installed? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Jorgen Bruun" <jorgen.bruun@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, June 17, 2002 6:53 AM Subject: [isalist] Re: SSL problems on ISA server installed as Proxy & Cache for controlling Internet access http://www.ISAserver.org OK point taken.. I have tried again, and this time all the info in the log is included. I must admit, I am not aware, that the localhost is being accessed for anything. Again, excuse my ignorance, but is it possible to execute .ASP scripts on my localhost (i.e. the client)? Anyway, I can only show you logs from our own ISA server when clients try to connect to the dexia site. And this is as shown below. I do not have any logs I can look at when succesfully accessing the site from the server itself. Unless you have any suggestions.. :-) Jorgen ---------------------------------------------------------------------------- - 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 403 - - GET http://www.dexia.lu/webquotes/index.asp?lang=en&menu=ONL&pagedef=ACCCLI&href =htm/acces_client.asp?lang=en - 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 499 - - GET http://www.dexia.lu/webquotes/index.asp?lang=en&menu=ONL&pagedef=ACCCLI&href =htm/acces_client.asp?lang=en - 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 140 643 1483 http GET http://www.dexia.lu/webquotes/index.asp?lang=en&menu=ONL&pagedef=ACCCLI&href =htm/acces_client.asp?lang=en Inet 200 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 591 - - GET http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=haut - 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - 16 636 - - GET http://www.dexia.lu/webquotes/index2.asp?lang=en&menu=onl&pagedef=acccli&hre f=htm/acces_client.asp?lang=en - 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 687 - - GET http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=haut - 0 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 732 - - GET http://www.dexia.lu/webquotes/index2.asp?lang=en&menu=onl&pagedef=acccli&hre f=htm/acces_client.asp?lang=en - 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 234 876 646 http GET http://www.dexia.lu/webquotes/index2.asp?lang=en&menu=onl&pagedef=acccli&hre f=htm/acces_client.asp?lang=en Inet 200 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 606 - - GET http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=onl&pagedef=acccli - 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 702 - - GET http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=onl&pagedef=acccli - 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 359 831 10343 http GET http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=haut Inet 200 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 455 - - GET http://www.dexia.lu/img/L5/L5_v1_topimg_mncon.jpg - 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 551 - - GET http://www.dexia.lu/img/L5/L5_v1_topimg_mncon.jpg - 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 695 153 http GET http://www.dexia.lu/img/L5/L5_v1_topimg_mncon.jpg NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 78 589 183 http GET http://www.dexia.lu/webquotes/htm/acces_client.asp?lang=en Inet 302 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 450 - - GET http://www.dexia.lu/img/L5/L5_v1_logo_bg.gif - 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 546 - - GET http://www.dexia.lu/img/L5/L5_v1_logo_bg.gif - 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 690 153 http GET http://www.dexia.lu/img/L5/L5_v1_logo_bg.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 451 153 http GET http://www.dexia.lu/img/L5/L5_v1_logo_off.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 453 153 http GET http://www.dexia.lu/img/L5/L5_v1_topimg_onl.jpg NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 454 153 http GET http://www.dexia.lu/img/L5/L5_v1_topimg_plus.jpg NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 453 846 21501 http GET http://www.dexia.lu/webquotes/look_menu.asp?lang=en&menu=onl&pagedef=acccli Inet 200 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 453 - - GET http://www.dexia.lu/img/L5/L5_v1_topimg_mar.jpg - 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - - - - - 549 - - GET http://www.dexia.lu/img/L5/L5_v1_topimg_mar.jpg - 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 693 153 http GET http://www.dexia.lu/img/L5/L5_v1_topimg_mar.jpg NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 454 153 http GET http://www.dexia.lu/img/L5/L5_v1_topimg_sent.jpg NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 454 153 http GET http://www.dexia.lu/img/L5/L5_v1_topimg_spar.jpg NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 450 153 http GET http://www.dexia.lu/img/L5/L5_v1_topr_bg.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 449 153 http GET http://www.dexia.lu/img/L5/L5_v1_search.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 448 153 http GET http://www.dexia.lu/img/L5/L5_v1_tab_m.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 447 153 http GET http://www.dexia.lu/img/L5/L5_v1_shim.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 450 153 http GET http://www.dexia.lu/img/L5/L5_v1_logo_on.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 468 153 http GET http://www.dexia.lu/img/L5/L5_v1_topmenu_onl.jpg NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 461 153 http GET http://www.dexia.lu/img/L5/L5_v1_shim.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 469 153 http GET http://www.dexia.lu/img/L5/L5_en_bottom_menu1.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 453 153 http GET http://www.dexia.lu/img/L5/L5_v1_topimg_inv.jpg NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 469 153 http GET http://www.dexia.lu/img/L5/L5_en_bottom_menu2.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 448 153 http GET http://www.dexia.lu/img/L5/L5_v1_ong_m.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 460 153 http GET http://www.dexia.lu/img/L5/acces_client/acces_prem.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 449 153 http GET http://www.dexia.lu/img/L5/L5_v1_tab_l1.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 445 153 http GET http://www.dexia.lu/img/L5/L5_v1_at.gif NotModified 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu 194.7.201.104 80 422 592 10203 http GET http://www.dexia.lu/webquotes/htm/acces_client_lu.asp?lang=en Inet 200 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia.lu - 80 - 452 153 http GET http://www.dexia.lu/img/L5/communs/getacro.gif NotModified 0 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 690 3169 SSL-tunnel - www.dexia-bil.lu:443 Inet 995 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 627 425 SSL-tunnel - www.dexia-bil.lu:443 Inet 64 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 668 284 SSL-tunnel - www.dexia-bil.lu:443 Inet 995 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 689 343 SSL-tunnel - www.dexia-bil.lu:443 Inet 64 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 629 284 SSL-tunnel - www.dexia-bil.lu:443 Inet 995 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 572 284 SSL-tunnel - www.dexia-bil.lu:443 Inet 64 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 530 325 SSL-tunnel - www.dexia-bil.lu:443 Inet 64 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 663 343 SSL-tunnel - www.dexia-bil.lu:443 Inet 64 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 601 284 SSL-tunnel - www.dexia-bil.lu:443 Inet 64 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu - 443 - - - SSL-tunnel - www.dexia-bil.lu:443 Inet 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 443 - 471 2618 SSL-tunnel - www.dexia-bil.lu:443 Inet 995 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - - - - - 311 - - GET http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit - 12209 10.54.33.36 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - - - - - 407 - - GET http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit - 0 10.54.33.36 anonymous tryCodeBase PROXYSRV1 - - - - - 185 - - GET http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit - 12209 10.54.33.36 anonymous tryCodeBase PROXYSRV1 - - - - - 281 - - GET http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit - 0 10.54.33.36 LUXEMBOURG\a2400 Mozilla/4.0 (compatible; MSIE 5.0; Win32) PROXYSRV1 - www.dexia-bil.lu 194.7.201.104 80 109 551 1697 http GET http://www.dexia-bil.lu/multisecure/smartstart/CodeBase/ETSClient.info.unit Inet 200 ---------------------------------------------------------------------------- - > I was able to connect and download all the applets without any problem, > although it did stop at http://127.0.0.1:33251/ETS/start.asp?lang=en with a > proxy error (no great surprise there). Why are you (they) trying to access > the localhost for an ASP page? > > Those log snips are snipped a little hard; can you send some actual lines? > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the books! > ----- Original Message ----- > From: "Jorgen Bruun" <jorgen.bruun@xxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Monday, June 17, 2002 3:32 AM > Subject: [isalist] SSL problems on ISA server installed as Proxy & Cache for > controlling Internet access > > > http://www.ISAserver.org > > > Hi, > > I have just had my first experience with MS ISA server. Overall, this has > been positive, but I have started to notice problems. > > The server is only being used for giving internal users access to the > Internet. Dedicated HW is being used as Firewall (Cisco PIX + Nokia > Firewalls), which is why the firewall feature in ISA is not being used. > > The server itself is sitting on the same network segment as all the > clients, and browsers are setup to use the proxy through the default port > 8080. No autoconfiguration is enabled on the clients as we are still doing > tests. The ISA server has the firewall Hardware as default Gateway > > > My problem: > When internal clients try to connect to a specific Internet site (Please > feel free and try the link yourselves and see if you have the same > problem), a java application is downloaded and activated, and this then > tries to retrieve files from the Internet. This process times-out after > about five minutes with the following message: > ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jorgen.bruun@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jorgen.bruun@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')