We have the following problem with HTTPS traffic from a client (10.40.40.47) on our Internal network to an outside client (172.24.3.2) on the external network.
This traffic must be routed but is being NAT-ed.
To accomplish this I have used the advice from this TechNet blog entry:
http://blogs.technet.com/b/keithab/archive/2012/01/17/creating-a-rule-to-bypass-the-web-proxy-filter-in-isa-server-or-forefront-tmg.aspx
This means I have created the following 2 rules (exactly in this order):
1. Allow HTTPS and custom HTTPS (unbound from the Web Proxy filter) from 10.40.40.47 --> 172.24.3.2
2. Deny HTTPS from 10.40.40.47 --> 172.24.3.2
On the Network rule tab:
Route relationship between 10.40.40.47 and 172.24.3.2
Despite the exact network route relationship this traffic is still being NAT-ed:
Failed Connection Attempt SZ0961 9-12-2014 9:48:30
Log type: Web Proxy (Forward)
Status: 10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Rule: Test EPIC Interconnect to Test LSP omgeving
Source: Internal (10.40.40.47:54909)
Destination: External (172.24.3.2:443)
Request: zim.xto1.lsp.aorta-zorg.nl:443
Filter information:
Req ID: 108ffd81;
Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: SSL-tunnel
User: anonymous
Additional information
Is there something I am missing here as to why it is still using the general NAT rule instead of the specific Route rule?
Maybe someone can guide me on what else to look for, because I do not understand why it is following the general NAT rule.
Any help or ideas on where else to look are highly appreciated!