Sorry to say, we don't have an ISA-specific solution to this.
The problem is this: the old and new subnets are both "external"; IOW, ISA owns one as "external" and the server is on a completely different one, but still "external" as far as ISA is concerned. Add to this the fact that ISA has no direct routing relationship to the old subnet and you have a complete inability to pass, much less control, traffic between the external clients and this external server.

-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Thursday, January 26, 2006 09:00
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: [ISA2004] Protocol Definition Problem

http://www.ISAserver.org

You'll need to define the actual publishing rule before we can help here.
If you want to send your ISAInfo & ISA log excerpts offline, I'll give it a peek.

-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------

-----Original Message-----
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Tuesday, January 24, 2006 07:22
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: [ISA2004] Protocol Definition Problem

bump..

________________________________
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: January 23, 2006 9:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] [ISA2004] Protocol Definition Problem

Hi,

We recently had to move one of our servers to a diff IP on a diff. subnet, so we attached its old IP to our ISA machine (SBS2003)'s Internet NIC.
Now I was thinking that if we created a protocol for the 2 ports we wanted to forward, then create a server publishing rule, this would forward those 2 ports?

Anyways, a client will try to connect on TCP 2020 and 2021 and we have a custom broker app. that is listening on these 2 ports. It seems though that ISA is not detecting the traffic as you can see below, as it won't even detect the protocol I made. 204.209.56.130 is the old IP I want to forward.

Anyone have any ideas why it's not working? I created it as a protocol, TCP Inbound on port 2020, then another on TCP Inbound 2021. I've also tried a secondary connection for outbound on the same port; but to no luck.

Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL

209.153.204.1 KPSASBS - TCP - No - 50431 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130 2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1 External Local Host - -
209.153.204.1 KPSASBS - TCP - No - 50431 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130 2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1 External Local Host - -
209.153.204.1 KPSASBS - TCP - No - 50437 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130 2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1 External Local Host - -
209.153.204.1 KPSASBS - TCP - No - 50431 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:28:48 AM 204.209.56.130 2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1 External Local Host - -
209.153.204.1 KPSASBS - TCP - No - 50277 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:28:51 AM 204.209.56.130 2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1 External Local Host - -

Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/>
All mail to and from this domain is GFI-scanned.
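
A triage script for firewall log rows in the flattened layout quoted in the original message, added here as an example and not part of the thread: it counts denials that fell through to the default rule without matching any protocol definition, grouped by destination. The sample rows, their addresses and host name, the "Block inbound RDP" rule and the ACTIONS and NETWORKS lists are constructed assumptions.

```python
import re
from collections import Counter

# Assumed vocabularies for this example; extend them to match your own policy.
ACTIONS = ("Denied Connection", "Initiated Connection", "Closed Connection")
NETWORKS = ("Local Host", "External", "Internal")
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Anchor on the result code and timestamp, then read the fields that follow them.
ROW = re.compile(
    r"(?P<code>0x[0-9a-fA-F]+) (?P<code_name>[A-Z]\w+) .*?"
    r"(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    rf"(?P<dst_ip>{IP}) (?P<dst_port>\d+) "
    rf"(?P<protocol>.+?) (?P<action>{'|'.join(ACTIONS)}) "
    rf"(?P<rule>.+?) (?P<client_ip>{IP}) "
    rf"(?P<src_net>{'|'.join(NETWORKS)}) (?P<dst_net>{'|'.join(NETWORKS)})"
)

def parse_rows(text):
    """Return one dict per line that matches the flattened row layout."""
    return [m.groupdict() for line in text.splitlines() if (m := ROW.search(line))]

def unmatched_denials(rows):
    """Count denials where no rule or protocol definition matched the traffic."""
    hits = Counter()
    for r in rows:
        if (r["action"] == "Denied Connection" and r["rule"] == "Default rule"
                and r["protocol"] == "Unidentified IP Traffic"):
            hits[(r["dst_ip"], int(r["dst_port"]), r["dst_net"])] += 1
    return hits

# Constructed sample rows (documentation addresses, hypothetical host FW01).
SAMPLE = """
203.0.113.7 FW01 - TCP - No - 50431 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:28:40 AM 198.51.100.10 2021 Unidentified IP Traffic Denied Connection Default rule 203.0.113.7 External Local Host - -
203.0.113.7 FW01 - TCP - No - 50437 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:28:41 AM 198.51.100.10 2021 Unidentified IP Traffic Denied Connection Default rule 203.0.113.7 External Local Host - -
203.0.113.7 FW01 - TCP - No - 50440 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:28:45 AM 198.51.100.10 2020 Unidentified IP Traffic Denied Connection Default rule 203.0.113.7 External Local Host - -
203.0.113.9 FW01 - TCP - No - 50102 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 1/23/2006 9:29:02 AM 198.51.100.10 3389 RDP (Terminal Services) Denied Connection Block inbound RDP 203.0.113.9 External Local Host - -
"""

if __name__ == "__main__":
    for (ip, port, net), n in unmatched_denials(parse_rows(SAMPLE)).most_common():
        print(f"{n} unmatched denial(s) to {ip}:{port} (destination network: {net})")
```

The destination network in each group shows where the firewall placed the target address, which is the first thing to compare against the listener a publishing rule is expected to use.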