RE:
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 12 Jan 2006 16:45:58 -0400
Ahh, a bit of info...it's SBS 2003...a different kettle of fish
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 4:21 PM
To: ISA Mailing List
Subject:
http://www.ISAserver.org
I dunno, that's why I'm asking. My machine uses Kerberos of course to
talk to the DC (same server as ISA; SBS 2003), and the UDP packets go
through just fine, so thats why im wondering why the TCP ones are being
denied.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 1:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443)
protocol
http://www.ISAserver.org
Why would it be allowed in the first place?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 1:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
For some reason, Kerberos-Sec (TCP) is being denied between ISA
Server and my internal server. Would this have something to do with it?
I deleted my rule I made earlier for the connection between the
external server and my internal server for port 80/443 and the
SSL-tunnel seems to be connecting.
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: January 12, 2006 12:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Wouldn't the
"
Do NOT configure the client as a Web proxy client.
UNBIND the Web proxy filter from the HTTP protocol.
"
affect all traffic passing through my ISA?
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: January 12, 2006 12:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Hi Jonathon,
OK, if we're going to play a guessing game, I would do this:
Create an SSL Server Publishing Rule
Create an Acess Rule allowing outbound SSL connections.
Do NOT configure the client as a Web proxy client.
UNBIND the Web proxy filter from the HTTP protocol.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Thursday, January 12, 2006 1:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: "Failed Connection Attempt" for
SSL-tunnel (443) protocol
http://www.ISAserver.org
Tom, I'm wondering if I created a Perimeter network
consisting of my internal server and the server I'm trying to access
over 443, if it will work?
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: Jonathon@xxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: Jonathon@xxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Jonathon@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
