Hi all,
Not having much joy with our current setup.
Set up as follows:
ADFS.mydomain.local 443
CRM.mydomain.local 444
Therefore the internal endpoints are:
10.1.1.5 sts1.mydomain.local
10.1.1.5 Org.mydomain.local
10.1.1.5 dev.mydomain.local
10.1.1.5 auth.mydomain.local
All tested okay within the LAN, using DNS/browser. The logon page is displayed and authenticates successfully to the CRM server (claims based) using
https://org.mydomain.local:444
I have published the external IPs of these two endpoints. Do I need ALL endpoints to be published externally?
128.xxx.xxx.xxx -> sts1.mydomain.com
128.xxx.xxx.xxx -> org.mydomain.com
When it comes to TMG rules:
Defined Port 444 any: 10.1.1.5
One listener:
Listening on 443
Bridging on 444
IP to 128.xxx.xxx.xxx
Wildcard bind to *.mydomain.com
No auth.
Firewall rules:
Org CRM rule
From any to Org.mydomain.com, to IP 10.1.1.5. Forward the original host header.
Listener on 443. Bridge to SSL port 444.
Path /*, no delegate and client cannot authenticate directly.
STS1 rule
From any to sts1.mydomain.com, to IP 10.1.1.5. Forward the original host header.
Listener on 443. Bridge to SSL port 443.
Path /*, no delegate and client cannot authenticate directly.
Auth rule
From any to auth.mydomain.com, to IP 10.1.1.5. Forward the original host header.
Listener on 443. Bridge to SSL port 444.
Path /*, no delegate and client cannot authenticate directly.
Discovery rule
From any to dev.mydomain.com, to IP 10.1.1.5. Forward the original host header.
Listener on 443. Bridge to SSL port 444.
Path /*, no delegate and client cannot authenticate directly.
I get a timed-out error when logging on from an external client.
Log type: Web Proxy (Reverse)
Failed connection Attempt
Status: 10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Rule: Org CRM rule
Destination: local host (org.mydomain.com 10.1.1.5:444)
Request: GET http://org.mydomain.com/favicon.ico
Filter info: Req ID: oaaec994
Protocol: https
User anonymous
From cmd I can telnet to Org.mydomain.com on 443, no issues there.
Since I am not using the standard SSL port 443 for CRM, should listening on 443 and bridging to 444 solve the problem? Or do I really need to extend the tunnel port range so that 444 becomes an SSL port, as mentioned below?
http://www.isaserver.org/articles-tutorials/articles/2004tunnelportrange.html
Also do I need another listener just for port 444? Many thanks in advance.
Regards,
Shing
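The 10060 entry above is TMG reporting that it could not reach the bridged backend itself, which a telnet to port 443 from a client does not exercise. The following PowerShell is an added example, not Shing's configuration or a TMG tool: run on the TMG server, it attempts a TCP connect and then a TLS handshake against each backend IP:port from the rules listed in the post, using the forwarded host header as the TLS target name. The hostnames, backend IP and ports are taken from the post; the timeout value is an assumption.

```powershell
# Added example: verify each TMG bridging target from the TMG host itself.
# Backend IP, ports and host headers are the ones listed in the post.
$Rules = @(
    @{ Rule = 'Org CRM rule';   HostHeader = 'org.mydomain.com';  Backend = '10.1.1.5'; Port = 444 },
    @{ Rule = 'STS1 rule';      HostHeader = 'sts1.mydomain.com'; Backend = '10.1.1.5'; Port = 443 },
    @{ Rule = 'Auth rule';      HostHeader = 'auth.mydomain.com'; Backend = '10.1.1.5'; Port = 444 },
    @{ Rule = 'Discovery rule'; HostHeader = 'dev.mydomain.com';  Backend = '10.1.1.5'; Port = 444 }
)

function Test-BridgedBackend {
    param(
        [string]$Rule, [string]$Backend, [int]$Port, [string]$HostHeader,
        [int]$TimeoutMs = 5000   # assumed timeout, not a TMG setting
    )
    $result = [ordered]@{
        Rule = $Rule; Target = "$Backend`:$Port"; HostHeader = $HostHeader
        Tcp = $false; Tls = $false; CertSubject = ''; Error = ''
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: plain TCP connect with a timeout. A failure here is the same
        # condition TMG logs as status 10060 for the bridged destination.
        $async = $client.BeginConnect($Backend, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "TCP connect to $Backend`:$Port timed out after $TimeoutMs ms"
        }
        $client.EndConnect($async)
        $result.Tcp = $true

        # Step 2: TLS handshake with the forwarded host header as target name.
        # Default validation applies, so a certificate that does not cover the
        # host header (or an untrusted chain) surfaces as an error message.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostHeader)
        $result.Tls = $true
        $result.CertSubject = $ssl.RemoteCertificate.Subject
        $ssl.Dispose()
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

$Rules | ForEach-Object {
    Test-BridgedBackend -Rule $_.Rule -Backend $_.Backend -Port $_.Port -HostHeader $_.HostHeader
} | Format-Table -AutoSize
```

A row with Tcp false points at the backend not listening on the bridged port (or a filter between TMG and 10.1.1.5), while Tcp true and Tls false points at the certificate presented on that port not matching the host header TMG forwards.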