RE: [ISA2004] Protocol Definition Problem

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 6 Feb 2006 09:58:24 -0800

Sorry to say, we don't have an ISA-specific solution to this. 

The problem is this: the old and new subnets are both "external"; IOW, ISA owns 
one as "external" and the server is on a completely different one, but still 
"external" as far as ISA is concerned.
Add to this the fact that ISA has no direct routing relationship to the old 
subnet and you have a complete inability to pass, much less control, traffic 
between the external clients and this external server.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, January 26, 2006 09:00
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: [ISA2004] Protocol Definition Problem

http://www.ISAserver.org

You'll need to define the actual publishing rule before we can help here.
If you want to send your ISAInfo & ISA log excerpts offline, I'll give it a 
peek. 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: Tuesday, January 24, 2006 07:22
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: [ISA2004] Protocol Definition Problem


bump..
 
 
 

________________________________

From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
Sent: January 23, 2006 9:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] [ISA2004] Protocol Definition Problem



Hi,
 
We recently had to move one of our servers to a different IP on a different 
subnet, so we attached its old IP to our ISA machine (SBS2003)'s Internet NIC.  
Now I was thinking that if we created a protocol for the 2 ports we wanted to 
forward, then create a server publishing rule, this would forward those 2 ports?
 
Anyways, a client will try to connect on TCP 2020 and 2021 and we have a custom 
broker app that is listening on these 2 ports.  It seems though that ISA is 
not detecting the traffic, as you can see below, as it won't even detect the 
protocol I made. 204.209.56.130 is the old IP I want to forward.  Anyone have 
any ideas why it's not working?  I created it as a protocol, TCP Inbound on 
port 2020, then another on TCP Inbound 2021.  I've also tried a secondary 
connection for outbound on the same port, but to no luck. 
 
 
Original Client IP Client Agent Authenticated Client Service Server Name 
Referring Server Destination Host Name Transport MIME Type Object Source Source 
Proxy Destination Proxy Bidirectional Client Host Name Filter Information 
Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes 
Sent Bytes Received Result Code HTTP Status Code Cache Information Error 
Information Log Record Type Log Time Destination IP Destination Port Protocol 
Action Rule Client IP Client Username Source Network Destination Network HTTP 
Method URL
209.153.204.1    KPSASBS -  TCP -    No  -    50431 0 0 0 0xc004000d 
FWX_E_POLICY_RULES_DENIED  0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130 
2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1  
External Local Host - -
209.153.204.1    KPSASBS -  TCP -    No  -    50431 0 0 0 0xc004000d 
FWX_E_POLICY_RULES_DENIED  0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130 
2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1  
External Local Host - -
209.153.204.1    KPSASBS -  TCP -    No  -    50437 0 0 0 0xc004000d 
FWX_E_POLICY_RULES_DENIED  0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130 
2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1  
External Local Host - -
209.153.204.1    KPSASBS -  TCP -    No  -    50431 0 0 0 0xc004000d 
FWX_E_POLICY_RULES_DENIED  0x0 0x0 Firewall 1/23/2006 9:28:48 AM 204.209.56.130 
2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1  
External Local Host - -
209.153.204.1    KPSASBS -  TCP -    No  -    50277 0 0 0 0xc004000d 
FWX_E_POLICY_RULES_DENIED  0x0 0x0 Firewall 1/23/2006 9:28:51 AM 204.209.56.130 
2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1  
External Local Host - -

 
 
Jonathon J. Howey
KPSA Compliance Management Inc.
P 780.409.5620
F 780.409.5621
D 780.409.5628
C 780.965.8363
Jonathon@xxxxxxx
 
Guiding the Future of Transportation
www.KPSA.ca <http://www.kpsa.ca/> 
 

All mail to and from this domain is GFI-scanned.
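
Added example, not part of the original thread: a small Python triage script for the wrapped ISA firewall log excerpt in the message above. It groups the denials by destination, protocol, rule and destination network, which makes it plain that every connection to the old IP falls through to the Default rule as Unidentified IP Traffic. The field order is assumed from the header row in the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Three records copied from the log excerpt in the post, line wraps included.
SAMPLE = """\
209.153.204.1    KPSASBS -  TCP -    No  -    50431 0 0 0 0xc004000d
FWX_E_POLICY_RULES_DENIED  0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130
2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1
External Local Host - -
209.153.204.1    KPSASBS -  TCP -    No  -    50431 0 0 0 0xc004000d
FWX_E_POLICY_RULES_DENIED  0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130
2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1
External Local Host - -
209.153.204.1    KPSASBS -  TCP -    No  -    50437 0 0 0 0xc004000d
FWX_E_POLICY_RULES_DENIED  0x0 0x0 Firewall 1/23/2006 9:28:40 AM 204.209.56.130
2021 Unidentified IP Traffic Denied Connection Default rule 209.153.204.1
External Local Host - -
"""

# Assumption: fields follow the order of the header row in the post, empty
# columns are dropped, and the source network name is a single word.
RECORD = re.compile(
    r"(?P<code>0x[0-9a-fA-F]{8}) (?P<name>FWX_E_\w+) .*?"
    r"Firewall (?P<time>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) "
    r"(?P<dst_ip>\d+(?:\.\d+){3}) (?P<dst_port>\d+) "
    r"(?P<protocol>.+?) (?P<action>Denied Connection) "
    r"(?P<rule>.+?) (?P<client_ip>\d+(?:\.\d+){3}) "
    r"(?P<src_net>\S+) (?P<dst_net>.+?) - -(?= |$)"
)

def parse_denials(text):
    """Return one dict per denied-connection record in a wrapped log excerpt."""
    flat = " ".join(text.split())  # undo the e-mail line wrapping
    return [m.groupdict() for m in RECORD.finditer(flat)]

def summarize(records):
    """Count denials per (dest IP, dest port, protocol, rule, dest network)."""
    return Counter(
        (r["dst_ip"], int(r["dst_port"]), r["protocol"], r["rule"], r["dst_net"])
        for r in records
    )

if __name__ == "__main__":
    for key, count in summarize(parse_denials(SAMPLE)).items():
        print(count, *key, sep=" | ")
```
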


