Need help with packet filters

  • From: tim S <tim724342@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Mon, 28 Feb 2005 11:22:53 -0800 (PST)

Hi,

I have ISA 2000 running on Windows 2003 Server. I am baffled as to why ISA
behaves this way. I have a simple VB application that makes a request to an
external website that uses SSL and requires authentication. The client is
firewall and secureNAT. HTTP redirector sends all web requests to webproxy
service.

If I type the URL in the browser, I can get to the site after authenticating at 
the external webserver.  But if I let the application make the web request, it 
hangs up.  Here are my logs (all the fields are logged):

Firewall Log: (as a firewall client)   10.1.0.88 = client IP number, 64.14.x.x = remote webserver
-------------------------------------------------

10.1.0.88 user1 URLapp.exe:3:5.1 N 2005-02-28 19:01:23 fwsrv ISA1 - - 64.14.x.x 443 4500 - - 443 TCP Connect 0 All outbound Allow rule

Firewall Log: (as a secure NAT client)
-----------------------------------------------------

10.1.0.88 - - N 2005-02-28 19:05:41 fwsrv ISA1 - - 64.14.81.x.x 4546 - - 443 TCP Connect 0 All outbound Allow rule
10.1.0.88 - - N 2005-02-28 19:05:41 fwsrv ISA1 - - 64.14.x.x 443 4546 70 - 443 TCP Connect 20000 All outbound Allow rule

Packet filter log:(just remove the payload field)

--------------------

2005-02-28 18:39:55 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:55 163.x.x.x  64.14.x.x Udp 1709 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:56 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:56 163.x.x.x  64.14.x.x Udp 1709 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:57 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:57 163.x.x.x  64.14.x.x Udp 1709 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:58 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45

163.x.x.x = IP number of the ISA's external NIC

64.14.x.x = the remote webserver that requires authentication and SSL 
encryption.

I can't figure out why in the world the ISA server is using the port 137 instead
of 443 to connect to the remote webserver. I tried disabling firewall client,
but same result. However, I tried this application using another ISA server as
a gateway from the same client. The application didn't have any problem
connecting. It's this particular ISA server that has a problem. Any help is
greatly appreciated.

Thanks
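
An added example, not part of the original post: a small Python tally of the packet filter entries above by action, protocol, destination and destination port, so the blocked flows can be set beside the port 443 connection in the firewall log. The column order and all function names are assumptions based on the lines as posted.

```python
"""Tally ISA packet filter log entries by action, protocol and destination port."""
from collections import Counter
from typing import NamedTuple, Optional

# Assumed column order (payload field removed, as in the post):
# date time source destination protocol src-port dst-port tcp-flags action interface ip-header
class PacketEntry(NamedTuple):
    timestamp: str
    src: str
    dst: str
    proto: str
    src_port: int
    dst_port: int
    action: str

# Four entries copied from the post (addresses masked as posted), plus one
# constructed non-entry line to show that malformed input is skipped.
SAMPLE_LOG = """\
# constructed header line, not a log entry
2005-02-28 18:39:55 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:55 163.x.x.x  64.14.x.x Udp 1709 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:56 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:56 163.x.x.x  64.14.x.x Udp 1709 137 - BLOCKED 163.x.x.x  45
"""

def parse_line(line: str) -> Optional[PacketEntry]:
    """Return one parsed entry, or None if the line does not fit the layout."""
    fields = line.split()
    if len(fields) < 10:
        return None
    date, time, src, dst, proto, sport, dport, _flags, action, _iface = fields[:10]
    if not (sport.isdigit() and dport.isdigit()):
        return None  # not a numeric port pair, so not an entry we can tally
    return PacketEntry(f"{date} {time}", src, dst, proto.upper(),
                       int(sport), int(dport), action.upper())

def summarize(log_text: str) -> Counter:
    """Count entries per (action, protocol, destination, destination port)."""
    flows: Counter = Counter()
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        flows[(entry.action, entry.proto, entry.dst, entry.dst_port)] += 1
    return flows

def blocked_ports(log_text: str) -> list:
    """Sorted, de-duplicated (protocol, destination port) pairs that were blocked."""
    return sorted({(p, port) for (a, p, _d, port) in summarize(log_text) if a == "BLOCKED"})

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).most_common():
        print(count, *key)
```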

