I know this is reaching far for an answer from this list but since our ISA array is integrated into AD it's worth a shot for a solution from this group.
Anyone have experience with ISA arrays in a domain array and how to make the SSL connections maintain persistence when both nodes of the ISA array have outbound internet connections? I have found no documentation regarding this on isaserver.org or the great almighty google.com. Let me clarify the situation we experience: We have a 2 node array for client internet access. Both nodes have a leg in a DMZ and a leg into our internal LAN. SSL works normally and perfectly for browser requests but when an application using the proxy settings for internet accesses an SSL site we see SSL breaking because the server handles requests between both of the array nodes. It seems as though when an application uses the proxy settings there is no persistence or flapping between the nodes. We ran a test to confirm this and saw the exact behavior described. An SSL session was started to a test website, we then surfed and looked at the logs. The w3svc logs showed GET(s) from both nodes rather than maintaining persistence and using one node for the session. I can fix this at the cost of letting only one node handle outbound access. I would rather not do this since we engineered this to be a robust and highly available internet access solution. I would like to maintain both nodes having inbound and outbound access if at all possible. Thanks in advance for any advice. Regards, David Chianese IT - Server Services Delaware Investments Office - (215) 255-8570 Mobile - (267) 549-4777 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
