Microsoft ISA Server; Deploying a SonicWALL SSL-VPN Behind a Microsoft ISA Server; Configuring ISA - SonicWALL SSL-VPN 2000 Administrator's Manual

Secure remote access appliance

Microsoft ISA Server

Deploying a SonicWALL SSL-VPN Behind a Microsoft ISA Server

This section describes how to set up a SonicWALL SSL-VPN appliance behind a Microsoft ISA Server on a Windows Small Business Server (SBS) network. The SBS has an external and an internal network card and ISA is configured in integrated mode. The procedures described in this section have been tested on ISA 2004, but are similar for ISA 2000 and 2006.

Because the SSL-VPN uses the HTTPS protocol on port 443, inbound traffic addressed to port 443 needs to arrive at the SSL-VPN unchanged after traversing the ISA server. However, the ISA server acts as a proxy when you deploy the SSL-VPN as a "Web server" behind it and it does not support HTTPS CONNECT methods.

When ISA intercepts the SSL traffic, it interprets the external HTTP CONNECT method as SSL-TUNNEL traffic with a CONNECT request (a CERN Proxy request), which is an outbound request, and ISA will drop it. When this happens, remote users will not be able to access various client applications including Telnet, SSH, VNC, NetExtender, RDP, and Virtual Assist when connecting through the SonicWALL SSL-VPN Web portal.

If the SBS is connected to a gateway device or router, the gateway or router must be configured to forward incoming SSL traffic on port 443 to the external network card of the Small Business Server. This port forwarding task is beyond the scope of this section.

Configuring ISA

The SonicWALL SSL-VPN must be published as a Server (not a Web Server) within ISA to
allow the inbound SSL connection through the ISA firewall.

Configuration Tasks

You will need to perform the following tasks to configure ISA:
- Configure an inbound Protocol Definition for port 443.
- Configure a Server Publishing Rule for the SonicWALL SSL-VPN to make the server available to external users.
- Configure the incoming Web requests listener to ignore inbound SSL traffic.

Configuring a Protocol Definition

To configure an inbound Protocol Definition, perform the following steps on your ISA:
Step 1  In the management interface, create a Protocol Definition.
Step 2  Name it SSL.
Step 3  Set the Port number to 443.
Step 4  Set the Protocol type to TCP.
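
One way to confirm that port 443 traffic reaches the SSL-VPN unchanged once ISA is configured is to compare the certificate presented on the external address with the one the appliance presents on the LAN. This is an added example, not part of the SonicWALL manual; the function names and command-line arguments are illustrative. It assumes the machine running it can reach both addresses and that ISA does not hold a copy of the appliance's certificate.

```python
import hashlib
import socket
import ssl
import sys


def leaf_cert_der(host, port=443, timeout=5.0):
    """Return the DER leaf certificate presented at host:port, or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is off on purpose: the two endpoints are compared by
    # fingerprint, and the appliance may present a self-signed certificate.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.getpeercert(binary_form=True)
    except (OSError, ssl.SSLError):
        return None  # refused, timed out, or handshake failed


def check_passthrough(external_host, appliance_host, fetch=leaf_cert_der):
    """Compare the certificate seen through ISA with the appliance's own.

    Returns (status, external_fp, appliance_fp); status is one of
    "passthrough", "terminated" or "inconclusive".
    """
    ders = [fetch(external_host), fetch(appliance_host)]
    fps = [hashlib.sha256(d).hexdigest() if d else None for d in ders]
    if None in fps:
        status = "inconclusive"   # at least one endpoint gave no certificate
    elif fps[0] == fps[1]:
        status = "passthrough"    # the appliance itself answered externally
    else:
        status = "terminated"     # another device ended the TLS session
    return status, fps[0], fps[1]


if __name__ == "__main__":
    # Usage: python check_passthrough.py <external-name> <appliance-lan-ip>
    # Run it from a host that can reach both addresses.
    status, ext_fp, app_fp = check_passthrough(sys.argv[1], sys.argv[2])
    print("external :", ext_fp)
    print("appliance:", app_fp)
    print("result   :", status)
    sys.exit(0 if status == "passthrough" else 1)
```

A "terminated" result means the external listener answered with a different certificate, which is what happens when ISA handles the connection as a published Web server instead of passing it through. An older appliance may only offer protocol versions that a current OpenSSL build refuses, in which case the result is "inconclusive".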
SonicWALL SSL VPN 4.0 Administrator's Guide


This manual is also suitable for:

SSL-VPN 4000