Hi,
I am trying to publish a VDM server with ISA 2006, it works as far as launchtunnel then hangs and times out.
I have tried both webserver and Non-web rules but it fails. Has anyone got this working? If so what rules did you use.
I am now going to try setting up a security server and put this in a parimiter (DMZ) network, does this work ok with ISA?
Thanks in advance
Hywel
Interesting topic as I was just speaking with my SE about using ISA with the connection broker just the other day. He said that there was an issue with using the web firewall rules and you must use a layer three rule (server publishing). If you are using a web publishing rule then ISA sees the authentication connection and the second tunnel connection as a man in the middle attack. I can't add much more since I haven't had a chance to test with it but hopefully you can resolve the problem.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
Hi guys,
Finally I find someone having the same issue as I am. I am also trying to publish VMware View through an ISA 2006 server and am experiencing the same issue. It hangs when attempting to initiate the second connection back to the View Connection Server. Did you guys find a resolution?
Thank you, Richie
Hello,
I managed to configure my ISA 2006 firewall to allow connections to VMware View 3.0.1. I utilized 2 server publishing rules for port 80 and 443 oppened to a View Security Server. I then configured the Security Server to communicate with the View Standard server (according to the VMware recommended configuration) and I was up and running. There are a few more details if you want to secure your View Portal with a trusted certificate which I have implemented successfully. Pay attention to configuring the external URL and the locked.properties file. Let me know if you need any additional information.
I did not place the Security server in a DMZ network (it resides on the same network as the View Connection Server). This is a lab environment and security is not a huge concern; I do recommend placing the Security Server onto a DMZ network and open the proper ports to the Connection Server for a Production environment (VMware recommends this too ).
Raresh,
Hi,
can you please post or PM detailled configuration?
I have the same issue, timing out with message "A connection to the View Server could not be established. The tunnel initiation failed." after login. False login attempts are denied.
Configuration:
ISA Server 2006 with Web Publishing rule listening on externalvsgw.domain.com on port 443/https and forwarding to internalvsgw.intra.domain.com on port 443/https.
VDM Server has security server configured as Server Name = internalvsgw.intra.domain.com and External URL = (i.e. as above mentioned)
View Security Gateway is configured to use SSL in locked.properties, which is created by View Administrator Portal "Configuration -> Security Servers -> Create Configuration File"
locked.properties:
keyfile=file.pfx
keypass=secretpass
pae-MsgSecMode=OFF
pae-MsgSecPublicKey=...
identity=tunnel...
publicKey=...
privateKey=...
clientProtocol=https
clientHost=externalvsgw.domain.com
clientPort=443
What am I doing wrong?
Regards,
Christian
Hi Raresh,
Were you ever able to use ISA without a Security Server? Can you provide additonal details?
J