Jim, I tried to create a protocol rule using a Protocol Definition and it still fails. Here is the log after creating a Protocol rule to allow outbound 40002 and Inbound 40002 2003-01-14 22:46:54 12.32.70.210 207.135.149.103 Tcp 21971 40002 BLOCKED 12.32.70.210 2003-01-14 22:47:00 12.32.70.210 207.135.149.103 Tcp 21971 40002 BLOCKED 12.32.70.210 Looking at the log here it looks like 40002 is not even able to get out. Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 -----Original Message----- From: Jim Harrison [ISAQFE] [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, January 14, 2003 5:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Help Configuring a rule http://www.ISAserver.org Yes, it could very well be NAT that's killing the app. You stated that you're testing from behind ISA; in that case, you need to create a protocol definition for that app and use it in a protocol rule. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Greg Foulks" <greg.foulks@xxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, January 14, 2003 10:04 Subject: [isalist] Help Configuring a rule http://www.ISAserver.org I have an application that I am trying to access through my ISA server. This application is a java web based application. Without adding any rules and trying to access the application I get this in the ISA IP logs 2003-01-14 17:52:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 BLOCKED 12.32.70.210 2003-01-14 17:52:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 BLOCKED 12.32.70.210 2003-01-14 17:53:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210 2003-01-14 17:53:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210 2003-01-14 17:53:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210 2003-01-14 17:53:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210 Okay so I can see that port 40002 is blocked both inbound and outbound. So I create a IP packet filter and allow Remote port 40002 and Local Port dynamic for TCP 40002 direction set to Both. Now when I try to access the application I get this ISA IP log 2003-01-14 17:55:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 ALLOWED 12.32.70.210 2003-01-14 17:55:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 ALLOWED 12.32.70.210 2003-01-14 17:55:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210 2003-01-14 17:55:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210 2003-01-14 17:55:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210 2003-01-14 17:55:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210 However the application fails to start as if something else is still being blocked. I've tried to access this application from the sever that is running ISA, from a computer sitting behind the ISA server, I've tried it on systems running secureNAT, running the Firewall Client. The only system that I've been able to get it to work on is a Laptop that I've setup on the internet with a public IP address that is not behind the ISA server and it works fine. Could the problem be with the NAT? Any other ideas that may help? Thanks, Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')