RE: SSL publishing on two internal servers

  • From: "Ratz, Thomas (US - Hermitage)" <tratz@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 24 Oct 2001 08:32:50 -0500

Is there a reason you are using Server Publishing rules and not Web
Publishing rules? 

You are only wanting to publish the web site(s) and not the entire server,
correct? 

I have gotten several instances of web "servers" to work fine in the mode
you are attempting - ssl over a non-443 port. The trick is to establish a
web-publishing rule that uses a destination set with the proper paths
defined. 

For root webs, this would most likely equate to a path of:   /*

Your listener configuration should also be double-checked.

All will work like a champ when configured as mentioned above.

You can also accept SSL traffic to the ISA on 444 and redirect it to the
internal server via SSL on 443.

Let me know if you would like additional info.

Thank you.

Thomas Ratz
Sr. Information Security Analyst
National Office
Deloitte & Touche
+1 (615) 882-7496
tratz@xxxxxxxxxxxx

-----Original Message-----
From: marc.boutin@xxxxxxxxx [mailto:marc.boutin@xxxxxxxxx]
Sent: Tuesday, October 23, 2001 10:38 AM
Subject: RE: SSL publishing on two internal servers


Thanks for the input... my SSL works fine on three of the sites; it is only
one of the French sites that doesn't work....

Here is the setup : 

ISA dual NIC (example)
internal 10.x.x.x
external 172.x.x.1 and 172.x.x.2


two internal web servers :

1st)   www.english1.net SSL port - 443
         www.french1.net  SSL port - 444

server publishing rules bound to first external IP address




second) www.english2.net SSL port - 443
          www.french2.net  SSL port - 444

server publishing rules bound to second IP address





All sites work fine on the first server, but on the second one port 444 is
not open through ISA; I cannot access it from the internet ????


Any solutions ?



TIA !



-----Original Message-----
From: Thomas Ratz [mailto:tratz@xxxxxxxxxxxx]
Sent: Tuesday, October 23, 2001 8:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SSL publishing on two internal servers


Repost...

This "problem" was also encountered by myself. I was ready to kick myself
square in the rear when I figured out the solution:

The ISA is assumed to be dual homed with the default gateway pointing to
the external NIC and a persistent route established for all internal
"default" routes.

The SSL certificate installed on the ISA server contains a "friendly" name
or url. This name must match the name defined in the redirect area of the
web publishing rule as well as in the https [protocol] allow filter
section.

Modify your /winnt/system32/drivers/etc/hosts file to include the same
name used in the step above and bind it to the internal IP address of the
destination site.

All will be well with the world at this point.
