[isalist] Re: https wireless traffic blocked through TMG for the iPhone,

  • From: Jim Harrison <jim@xxxxxxxxxxxx>
  • To: "Ruba Al-Omari, Eng." <romari@xxxxxxxxxx>, "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 10 Jan 2012 06:13:56 -0800

Manual routes on TMG would have fixed that.

From my mangophone

-----Original Message-----
From: Ruba Al-Omari, Eng.
Sent: 1/10/2012 1:16
To: 'Jim Harrison'; isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,


It didn’t work, although logically it should. It could be because of being on
different subnets: the traffic could travel to the gateway on the other subnet
but couldn’t come back from TMG to the client.

Thanks,

Ruba

 



From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Tuesday, January 03, 2012 5:53 PM
To: Ruba Al-Omari, Eng.; isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

You couldn’t simply configure the “core” to route all traffic through TMG’s
original internal interface?

That would have been a less complicated solution.

 



From: Ruba Al-Omari, Eng. [mailto:romari@xxxxxxxxxx] 
Sent: Tuesday, January 03, 2012 01:18
To: isalist@xxxxxxxxxxxxx; Jim Harrison
Subject: RE: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

Hi Jim,

Thanks for all your help offline. The problem is solved; I am posting the
solution here for anyone else who faces the same problem:

All worked perfectly. I had to install a physical interface on the TMG and assign
an IP from the wireless VLAN to it, then configure the core so that the gateway
for all wireless VLAN traffic is the new physical interface.

This was the only way to get non-Windows, non-HTTP traffic to pass.

Thanks again,

Ruba

 

 



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Sunday, December 25, 2011 11:47 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

 

Ruba,

 

 

That log entry by itself is typical of a broken conversation between the client 
and TMG.

Rob knows all about this now <VBG>.

 

You'll want to observe the entire log sequence between the client and TMG for 
the failing case.

You may need to gather some netcaps at the client, TMG and the destination (if 
possible).

 

If you don't feel comfy analyzing those, I'm happy to help (Rob knows this, too 
<VBG>)

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Sunday, December 25, 2011 09:04
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

Sorry :( it's 11 PM here and I was replying from the convenience of my bed. I am
quoting the reply from the desktop now; hope it appears:

"You are absolutely right :) After I arrived in the office in the morning, I
checked the rule again and it appeared it's not set to all users, so I changed
it back to all users, and the prompt stopped but the problem stayed. With
Gmail on the Mac OS, it keeps saying "checking for email" and the error shown
below; this error is from one of the iOS 5.0.1 IPs at the time of the error. Now
how do I go about it?"

Thanks for your help,

 

 



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Sunday, December 25, 2011 11:28
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

 

Your iPood is messing things up.

Pls respond from another client?

 



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Sunday, December 25, 2011 09:04
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

 

That won’t cause authentication prompts.

What you need to do is get the IP address from one of the failing clients and 
filter the logs from that client IP.

Since the listener is not configured to require authentication, your clients 
must be hitting an authenticated rule or they’re lying about the response they 
get from TMG.

 

[The entire original message is not included.]
