HywelB
Enthusiast

Publish VDM Server with ISA2006

Hi,

I am trying to publish a VDM server with ISA 2006. It works as far as launchtunnel, then hangs and times out.

I have tried both webserver and Non-web rules but it fails. Has anyone got this working? If so, what rules did you use?

I am now going to try setting up a security server and put this in a perimeter (DMZ) network. Does this work OK with ISA?

Thanks in advance

Hywel

0 Kudos
5 Replies
mittim12
Immortal

Interesting topic as I was just speaking with my SE about using ISA with the connection broker just the other day. He said that there was an issue with using the web firewall rules and you must use a layer three rule (server publishing). If you are using a web publishing rule then ISA sees the authentication connection and the second tunnel connection as a man in the middle attack. I can't add much more since I haven't had a chance to test with it but hopefully you can resolve the problem.

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

0 Kudos
Raresh
Contributor

Hi guys,

Finally, I have found someone having the same issue as I am. I am also trying to publish VMware View through an ISA 2006 server and am experiencing the same issue. It hangs when attempting to initiate the second connection back to the View Connection Server. Did you guys find a resolution?

Thank you, Richie

0 Kudos
Raresh
Contributor

Hello,

I managed to configure my ISA 2006 firewall to allow connections to VMware View 3.0.1. I utilized 2 server publishing rules for ports 80 and 443 opened to a View Security Server. I then configured the Security Server to communicate with the View Standard server (according to the VMware recommended configuration) and I was up and running. There are a few more details if you want to secure your View Portal with a trusted certificate, which I have implemented successfully. Pay attention to configuring the external URL and the locked.properties file. Let me know if you need any additional information.

I did not place the Security Server in a DMZ network (it resides on the same network as the View Connection Server). This is a lab environment and security is not a huge concern; I do recommend placing the Security Server onto a DMZ network and opening the proper ports to the Connection Server for a Production environment (VMware recommends this too :) ).

Raresh,

0 Kudos
bister
Expert

Hi,

Can you please post or PM detailed configuration?

I have the same issue, timing out with message "A connection to the View Server could not be established. The tunnel initiation failed." after login. False login attempts are denied.

Configuration:

ISA Server 2006 with Web Publishing rule listening on externalvsgw.domain.com on port 443/https and forwarding to internalvsgw.intra.domain.com on port 443/https.

VDM Server has security server configured as Server Name = internalvsgw.intra.domain.com and External URL = (i.e. as above mentioned)

View Security Gateway is configured to use SSL in locked.properties, which is created by View Administrator Portal "Configuration -> Security Servers -> Create Configuration File"

locked.properties:

keyfile=file.pfx
keypass=secretpass
pae-MsgSecMode=OFF
pae-MsgSecPublicKey=...
identity=tunnel...
publicKey=...
privateKey=...
clientProtocol=https
clientHost=externalvsgw.domain.com
clientPort=443

What am I doing wrong?

Regards,

Christian

0 Kudos
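
Added example, not part of any post in this thread and not VMware or Microsoft code: a small Python check that parses a locked.properties file like the one posted above and compares clientProtocol, clientHost and clientPort with the External URL configured for the security server. It assumes those three keys are meant to describe the same endpoint as the External URL, and it flags pae-MsgSecMode=OFF and a clear-text keypass as items to review; the sample text and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample based on the locked.properties posted above
# (keys whose values were elided in the post are left out).
SAMPLE = """\
keyfile=file.pfx
keypass=secretpass
pae-MsgSecMode=OFF
clientProtocol=https
clientHost=externalvsgw.domain.com
clientPort=443
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(props, external_url):
    """Return review findings (assumed checks, not the product's own validation)."""
    findings = []
    url = urlsplit(external_url)
    scheme = url.scheme.lower()
    port = url.port or DEFAULT_PORTS.get(scheme)
    expected = {
        "clientProtocol": scheme,
        "clientHost": (url.hostname or "").lower(),
        "clientPort": str(port),
    }
    for key, want in expected.items():
        got = props.get(key)
        if got is not None and got.lower() != want:
            findings.append(f"{key}={got} does not match External URL ({want})")
    if props.get("pae-MsgSecMode", "").upper() == "OFF":
        findings.append("pae-MsgSecMode is OFF; review whether it can be enabled")
    if "keypass" in props:
        findings.append("keypass is stored in clear text; restrict access to the file")
    return findings
```
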
jusrr
Contributor

Hi Raresh,

Were you ever able to use ISA without a Security Server? Can you provide additional details?

J

0 Kudos