SSL tunneling

With Secure Sockets Layer (SSL) tunneling, a client can establish a tunnel through the Microsoft Internet Security and Acceleration (ISA) Server directly to the Web server with the requested Secure Hypertext Transfer Protocol (HTTPS) object. Whenever a client browser requests an HTTPS object through ISA Server, it uses SSL tunneling.

The figure illustrates the SSL tunneling process:

1. When a client requests an SSL object from a Web server on the Internet, ISA Server sends the connect request:

   https://URL_name

2. The following request is sent to port 8080 on the ISA Server computer:

   CONNECT URL_name:443 HTTP/1.1

3. ISA Server connects to the destination Web server on port 443.

4. When the TCP connection is established, the ISA Server returns:

   HTTP/1.0 200 connection established

From that point on, the client communicates directly with the external Web server.

SSL tunneling works by default for outgoing client requests to ports 443 and 563. You can add SSL tunneling for additional ports by setting FPCProxyTunnelPortRange, an ISA Admin COM object. For more information, see the ISA Server Software Development Kit.
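The port restriction above is what keeps CONNECT from being usable as a tunnel to arbitrary TCP services. The following sketch is an added example, not ISA Server code: it parses the CONNECT request line from step 2 and applies a port allowlist built from the default ports 443 and 563 plus optional extra ranges. The function names and the 400/403 refusal replies are assumptions.

```python
# Added illustration: models the CONNECT port policy described on this page.
# All names here are hypothetical; this is not an ISA Server API.

DEFAULT_TUNNEL_PORTS = [(443, 443), (563, 563)]  # defaults stated on this page


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/x.y', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port_text = parts[1].rpartition(":")
    if not sep or not host or not (port_text.isascii() and port_text.isdigit()):
        return None
    port = int(port_text)
    return (host, port) if 1 <= port <= 65535 else None


def tunnel_decision(request_line, extra_ranges=()):
    """Return the status line a proxy would send for this CONNECT request."""
    target = parse_connect(request_line)
    if target is None:
        return "HTTP/1.1 400 Bad Request"  # assumed reply for a malformed request
    port = target[1]
    allowed = list(DEFAULT_TUNNEL_PORTS) + list(extra_ranges)
    if any(low <= port <= high for low, high in allowed):
        # Step 4 above: sent once the TCP connection to the Web server is up
        return "HTTP/1.0 200 connection established"
    return "HTTP/1.1 403 Forbidden"  # assumed refusal; the page gives no status for it


if __name__ == "__main__":
    # Constructed sample requests
    for line in ("CONNECT www.example.com:443 HTTP/1.1",
                 "CONNECT news.example.com:563 HTTP/1.1",
                 "CONNECT host.example.com:22 HTTP/1.1"):
        print(line, "->", tunnel_decision(line))
    print(tunnel_decision("CONNECT host.example.com:8443 HTTP/1.1", [(8443, 8443)]))
```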

