SSL Network Tunneling on tcp port 443

  • Question

  • Hi,

    I am configuring a lab with UAG. Does anyone know if I can configure SSL Network Tunneling on tcp port 443? If I try to select this port, I get a message that this is an invalid port number.

    Thanks,

    Ketil Grimstad

    Wednesday, May 18, 2011 6:57 AM

All replies

  • Hi Ketil,

    SSL Network Tunneling is the common name for two similar but not totally identical features in UAG - Network Connector (used for Windows XP and Vista clients) and SSTP (used for Win7 clients). However, in both cases, the tunnel between the clients and the UAG server is always using the same IP address and port as the UAG trunk that publishes these applications. So this means that port 443 is always used, and you cannot really configure any other port, even if you wanted to.

    So what do you mean when you say that if you select port 443 you get an error message? Where in the UAG console do you select this port 443? Are you trying by any chance to change the default port 6003 that is used by the Network Connector server, as it appears on the Advanced tab of the SSL Network Tunneling Server window?

    Regards,


    -Ran
    Wednesday, May 18, 2011 8:17 AM
  • Yes, that is the case. I am trying to change from port 6003 to 443. But if I understand you correctly, this is not the port used for communication between the clients and UAG. This will always be the trunk port, tcp 443?

     

    Thanks,

    Ketil Grimstad

    Wednesday, May 18, 2011 8:21 AM
  • Hi Ketil,

    UAG listens for traffic from clients only on port 443.

    The 6003 port that you see there is used internally, on the UAG server, when the UAG server grabs the Network Connector tunneled traffic it received over port 443, decrypts the SSL layer from that traffic and then sends it to localhost:6003, where the Network Connector server listens. From there, the NC server decides what to do next with that traffic.

     

    Regards,


    -Ran
    • Proposed as answer by Ran [MSFT] Wednesday, May 18, 2011 8:47 AM
    • Marked as answer by Ketil Grimstad Thursday, May 19, 2011 8:14 PM
    Wednesday, May 18, 2011 8:33 AM
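
A way to check the port layout described in the answer above on a lab server, as an added example that is not part of the original thread and not Microsoft's code. It parses `netstat -ano -p tcp` output and reports when the client-facing port has no external listener or when the internal Network Connector port is bound to anything other than loopback. The sample output is constructed, and treating 6003 as loopback-only is an assumption drawn from the "localhost:6003" description, not a documented UAG guarantee.

```python
import ipaddress

# Constructed sample of `netstat -ano -p tcp` output; not captured from a real UAG server.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:6003         0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1088
  TCP    [::]:443               [::]:0                 LISTENING       4
  TCP    192.0.2.10:443         198.51.100.7:51544     ESTABLISHED     4
"""

def parse_listeners(netstat_text):
    """Return (ip_address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, blank line, or a connection that is not a listener
        host, _, port = fields[1].rpartition(":")
        # IPv6 locals appear as [addr]:port and may carry a %scope suffix.
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        listeners.append((addr, int(port), int(fields[4])))
    return listeners

def audit(netstat_text, client_port=443, internal_port=6003):
    """Check the layout from the thread: clients reach 443, 6003 stays local.

    Assumption (not stated by the thread): 6003 should be bound to loopback only.
    """
    findings = []
    listeners = parse_listeners(netstat_text)
    if not any(p == client_port and not a.is_loopback for a, p, _ in listeners):
        findings.append(f"no non-loopback listener on client port {client_port}")
    internal = [(a, pid) for a, p, pid in listeners if p == internal_port]
    if not internal:
        findings.append(f"nothing listening on internal port {internal_port}")
    for addr, pid in internal:
        if not addr.is_loopback:
            findings.append(
                f"internal port {internal_port} bound to {addr} (pid {pid}), "
                "reachable beyond localhost")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT) or ["layout matches: 443 external, 6003 loopback"]:
        print(finding)
```

If the check reports 6003 on a non-loopback address, the perimeter firewall rules are what keep that port away from clients, so they are the next thing to review.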
  • Thank you, that explains it all :-)

     

    Thanks,

    Ketil Grimstad

    Wednesday, May 18, 2011 8:36 AM