Jim, 30 sec, 5 minutes I even restarted the services. Greg ----- Original Message ----- From: "Jim Harrison [ISAQFE]" <jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, January 14, 2003 7:43 PM Subject: [isalist] Re: Help Configuring a rule > http://www.ISAserver.org > > > Hi Greg, > How long after rule creation did you wait to test? > It takes about 30 secs for any policy changes to take effect... > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > http://isaserver.org/pages/author_index.asp?aut=3 > http://isatools.org > > Read the help, books and articles! > > ----- Original Message ----- > From: "Greg Foulks" <greg.foulks@xxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, January 14, 2003 14:56 > Subject: [isalist] Re: Help Configuring a rule > > > http://www.ISAserver.org > > > Jim, > I tried to create a protocol rule using a Protocol Definition and it still > fails. > > Here is the log after creating a Protocol rule to allow outbound 40002 and > Inbound 40002 > > 2003-01-14 22:46:54 12.32.70.210 207.135.149.103 Tcp 21971 40002 BLOCKED > 12.32.70.210 > 2003-01-14 22:47:00 12.32.70.210 207.135.149.103 Tcp 21971 40002 BLOCKED > 12.32.70.210 > > Looking at the log here it looks like 40002 is not even able to get out. > > Greg Foulks, MCP > NewFound Technologies, Inc. > http://www.nfti.com > Email: greg.foulks@xxxxxxxx > Voice: 614.318.5036 > Fax: 614.318.5005 > > > -----Original Message----- > From: Jim Harrison [ISAQFE] [mailto:jim@xxxxxxxxxxxx] > Sent: Tuesday, January 14, 2003 5:16 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Help Configuring a rule > > > http://www.ISAserver.org > > > Yes, it could very well be NAT that's killing the app. > You stated that you're testing from behind ISA; in that case, you need to > create a protocol definition for that app and use it in a protocol rule. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > http://isaserver.org/pages/author_index.asp?aut=3 > http://isatools.org > > Read the help, books and articles! > > ----- Original Message ----- > From: "Greg Foulks" <greg.foulks@xxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, January 14, 2003 10:04 > Subject: [isalist] Help Configuring a rule > > > http://www.ISAserver.org > > > I have an application that I am trying to access through my ISA server. This > application is a java web based application. Without > adding any rules and trying to access the application I get this in the ISA > IP logs > > 2003-01-14 17:52:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 BLOCKED > 12.32.70.210 > 2003-01-14 17:52:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 BLOCKED > 12.32.70.210 > 2003-01-14 17:53:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED > 12.32.70.210 > 2003-01-14 17:53:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED > 12.32.70.210 > 2003-01-14 17:53:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED > 12.32.70.210 > 2003-01-14 17:53:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED > 12.32.70.210 > > Okay so I can see that port 40002 is blocked both inbound and outbound. > > So I create a IP packet filter and allow Remote port 40002 and Local Port > dynamic for TCP 40002 direction set to Both. > > Now when I try to access the application I get this ISA IP log > > 2003-01-14 17:55:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 ALLOWED > 12.32.70.210 > 2003-01-14 17:55:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 ALLOWED > 12.32.70.210 > 2003-01-14 17:55:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED > 12.32.70.210 > 2003-01-14 17:55:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED > 12.32.70.210 > 2003-01-14 17:55:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED > 12.32.70.210 > 2003-01-14 17:55:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED > 12.32.70.210 > > > However the application fails to start as if something else is still being > blocked. > > I've tried to access this application from the sever that is running ISA, > from a computer sitting behind the ISA server, I've tried > it on systems running secureNAT, running the Firewall Client. The only > system that I've been able to get it to work on is a Laptop > that I've setup on the internet with a public IP address that is not behind > the ISA server and it works fine. > > Could the problem be with the NAT? Any other ideas that may help? > > Thanks, > > Greg Foulks, MCP > NewFound Technologies, Inc. > http://www.nfti.com > Email: greg.foulks@xxxxxxxx > Voice: 614.318.5036 > Fax: 614.318.5005 > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > greg.foulks@xxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') >