Re: Help Configuring a rule

  • From: "Greg Foulks" <greg.foulks@xxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 Jan 2003 17:56:14 -0500

Jim,
I tried to create a protocol rule using a Protocol Definition and it still 
fails.

Here is the log after creating a Protocol rule to allow outbound 40002 and 
Inbound 40002

2003-01-14      22:46:54        12.32.70.210    207.135.149.103 Tcp     21971   40002   BLOCKED 12.32.70.210
2003-01-14      22:47:00        12.32.70.210    207.135.149.103 Tcp     21971   40002   BLOCKED 12.32.70.210

Looking at the log here it looks like 40002 is not even able to get out.

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: Jim Harrison [ISAQFE] [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, January 14, 2003 5:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Help Configuring a rule


http://www.ISAserver.org


Yes, it could very well be NAT that's killing the app.
You stated that you're testing from behind ISA; in that case, you need to
create a protocol definition for that app and use it in a protocol rule.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org

 Read the help, books and articles!

----- Original Message -----
From: "Greg Foulks" <greg.foulks@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 14, 2003 10:04
Subject: [isalist] Help Configuring a rule



I have an application that I am trying to access through my ISA server. This
application is a Java web-based application. Without adding any rules and
trying to access the application, I get this in the ISA IP logs:

2003-01-14 17:52:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 BLOCKED 12.32.70.210
2003-01-14 17:52:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 BLOCKED 12.32.70.210
2003-01-14 17:53:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
2003-01-14 17:53:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
2003-01-14 17:53:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
2003-01-14 17:53:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210

Okay so I can see that port 40002 is blocked both inbound and outbound.

So I create an IP packet filter and allow Remote port 40002 and Local Port
dynamic for TCP 40002, direction set to Both.

Now when I try to access the application I get this ISA IP log

2003-01-14 17:55:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 ALLOWED 12.32.70.210
2003-01-14 17:55:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 ALLOWED 12.32.70.210
2003-01-14 17:55:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
2003-01-14 17:55:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
2003-01-14 17:55:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
2003-01-14 17:55:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210


However the application fails to start as if something else is still being
blocked.

I've tried to access this application from the server that is running ISA and
from a computer sitting behind the ISA server. I've tried it on systems
running SecureNAT and running the Firewall Client. The only system that I've
been able to get it to work on is a laptop that I've set up on the internet
with a public IP address that is not behind the ISA server, and it works fine.

Could the problem be with the NAT? Any other ideas that may help?

Thanks,

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
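
Added example (not part of the original thread and not ISA Server's own tooling): a short Python script that reads packet-filter log lines in the layout quoted above, re-joins records wrapped across lines, and reports which flows were last seen BLOCKED. The field names, and the reading of the last column as the logging interface address, are assumptions based on how the posts interpret the log.

```python
import re

# Sample records copied from the thread; the last one is left wrapped
# across two lines, as it appears in the archived message.
SAMPLE_LOG = """\
2003-01-14 17:52:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 BLOCKED 12.32.70.210
2003-01-14 17:53:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
2003-01-14 17:55:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 ALLOWED 12.32.70.210
2003-01-14 17:55:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
2003-01-14      22:46:54        12.32.70.210    207.135.149.103 Tcp     21971
40002   BLOCKED 12.32.70.210
"""

DATE = re.compile(r"\d{4}-\d{2}-\d{2}$")
# Assumed field names (the thread does not name the columns).
FIELDS = ("date", "time", "src", "dst", "proto", "sport", "dport", "action", "iface")

def parse_records(text):
    """Yield one dict per record, re-joining records wrapped across lines."""
    tokens = text.split()
    starts = [i for i, t in enumerate(tokens) if DATE.match(t)]
    for begin, end in zip(starts, starts[1:] + [len(tokens)]):
        rec = tokens[begin:end]
        if len(rec) == len(FIELDS):  # skip truncated or malformed records
            yield dict(zip(FIELDS, rec))

def latest_verdicts(text):
    """Map (direction, remote_ip, proto, remote_port) -> most recent action."""
    latest = {}
    for r in sorted(parse_records(text), key=lambda r: (r["date"], r["time"])):
        if r["src"] == r["iface"]:      # leaving the logging interface
            key = ("outbound", r["dst"], r["proto"], int(r["dport"]))
        elif r["dst"] == r["iface"]:    # arriving at the logging interface
            key = ("inbound", r["src"], r["proto"], int(r["sport"]))
        else:
            continue                    # neither endpoint is the interface
        latest[key] = r["action"]
    return latest

def still_blocked(text):
    """Flows whose most recent log entry is BLOCKED."""
    return sorted(k for k, v in latest_verdicts(text).items() if v == "BLOCKED")

if __name__ == "__main__":
    for flow in still_blocked(SAMPLE_LOG):
        print("still blocked:", flow)
```

On the sample, only the outbound flow to TCP 40002 is reported, which matches the 22:46 entries logged after the protocol rule was created.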




