Is there a reason you are using Server Publishing rules and not Web Publishing rules? You are only wanting to publish the web site(s) and not the entire server, correct? I have gotten several instances of web "servers" to work fine in the mode you are attempting - ssl over a non-443 port. The trick is to establish a web-publishing rule that uses a destination set with the proper paths defined. For root webs, this would most likely equate to a path of: /* Your listener configuration should also be double-checked. All will work like a champ when configued as mentioned above. You can also accept SSL traffic to the ISA on 444 and redirect it to the internal server via SSL on 443. Let me know if you would like additional info. Thank you. Thomas Ratz Sr. Information Security Analyst National Office Deloitte & Touche +1 (615) 882-7496 tratz@xxxxxxxxxxxx -----Original Message----- From: marc.boutin@xxxxxxxxx [mailto:marc.boutin@xxxxxxxxx] Sent: Tuesday, October 23, 2001 10:38 AM Subject: RE: SSL publishing on two internal servers Thanks for the input...my SSL works fine on three of the sites it is only on one of the french sites that doesn't work.... Here is the setup : ISA dual NIC (example) internal 10.x.x.x external 172.x.x.1 and 172.x.x.2 two internal web servers : 1rst) www.english1.net SSL port - 443 www.french1.net SSL port - 444 server publishing rules bound to first external IP address second) www.english2.net SSL port - 443 www.french2.net SSL port - 444 server publishing rules bound to second IP address All sites work fine on the first server, but on the second one port 444 is not open trough ISA cannot access it from the internet ???? Any solutions ? TIA ! -----Original Message----- From: Thomas Ratz [mailto:tratz@xxxxxxxxxxxx] Sent: Tuesday, October 23, 2001 8:22 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL publishing on two internal servers http://www.ISAserver.org Repost... This "problem" was also encountered by myself. I was ready to kick myself square in the rear when I figured out the solution: The ISA is assumed to be dual homed with the default gateway pointing to the external NIC and a persistant route established for all internal "default" routes. The SSL certificate installed on the ISA server contains a "friendly" name or url. This name must match the name defined in the redirect area of the web publishing rule as well as in the https [protocol] allow filter section. Modify your /winnt/system32/drivers/etc/hosts file to include the same name used in the step above and bind it to the internal IP address of the destination site. All will be well with the world at this point. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marc.boutin@xxxxxxxxx To unsubscribe send a blank email to - This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. - If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.