Part and parcel of community security, be it in a company LAN or school university, is the installation of a firewall or web content material filter. Problem: A Web request from the ISA Server laptop to a useful resource on the Internal community fails with Error 12209: ISA Server denies the specified Uniform Resources Locator. ISA Server has a Web chaining rule configured, to direct site visitors upstream to the second Web Proxy utility on an alternative port (for example, port 8082). In some circumstances, making use of NAT to site visitors passing through the Web Proxy filter could trigger unexpected outcomes. The HTTP Filter in Forefront TMG is rule particular except the Maximum Header size setting. With this setting in place, ISA Server intercepts requests from SecureNAT and Firewall purchasers, and passes them to the Web Proxy filter for transparent dealing with. Cause: ISA Server intercepts the VPN client request and redirects it to the Web Proxy filter.
This is detected when ISA Server receives the request for the third time, and returns an error. Since the visitors in question was using the HTTP protocol we needed to create a couple of rules on TMG to permit the traffic to cross without being evaluated by the Web Proxy Filter.
The VPN consumer request is identified by ISA Server as coming from the VPN tunnel interface and NAT will not be dealt with correctly and is blocked by ISA Server firewall coverage. When a Web Proxy consumer sends its initial … Read More