RE: Need help with packet filters

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Feb 2005 14:16:37 -0800

Q1 - What HTTP response does your app report when it fails?

Q2 - Have you considered using WinHTTP in your VB app?

-------------------------------------------------------

   Jim Harrison

   MCP(NT4, W2K), A+, Network+, PCG

   http://isaserver.org/Jim_Harrison/

   http://isatools.org

   Read the help / books / articles!

-------------------------------------------------------

 

________________________________

From: tim S [mailto:tim724342@xxxxxxxxx] 
Sent: Monday, February 28, 2005 11:23
To: [ISAserver.org Discussion List]
Subject: [isalist] Need help with packet filters

 

Hi,

 

I have ISA 2000 running on Windows 2003 Server. I am baffled as to why
ISA behaves this way. I have a simple VB application that makes a
request to an external website that uses SSL and requires
authentication. The client is firewall and SecureNAT. HTTP redirector
sends all web requests to the Web Proxy service.

 

If I type the URL in the browser, I can get to the site after
authenticating at the external webserver.  But if I let the application
make the web request, it hangs up.  Here are my logs (all the fields are
logged):

 

 

Firewall Log:(as a firewall client)   10.1.0.88 = client IP number ,
64.14.x.x = remote webserver

-------------------------------------------------

10.1.0.88 user1 URLapp.exe:3:5.1 N 2005-02-28 19:01:23 fwsrv ISA1 - - 64.14.x.x 443 4500 - - 443 TCP Connect 0 All outbound Allow rule

Firewall Log:(as a secure NAT client)

-----------------------------------------------------

10.1.0.88 - - N 2005-02-28 19:05:41 fwsrv ISA1 - - 64.14.81.x.x 4546 - - 443 TCP Connect 0 All outbound Allow rule
10.1.0.88 - - N 2005-02-28 19:05:41 fwsrv ISA1 - - 64.14.x.x 443 4546 70 - 443 TCP Connect 20000 All outbound Allow rule

 

 

Packet filter log:(just remove the payload field)

--------------------

2005-02-28 18:39:55 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:55 163.x.x.x  64.14.x.x Udp 1709 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:56 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:56 163.x.x.x  64.14.x.x Udp 1709 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:57 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:57 163.x.x.x  64.14.x.x Udp 1709 137 - BLOCKED 163.x.x.x  45
2005-02-28 18:39:58 163.x.x.x  64.14.x.x Udp 1708 137 - BLOCKED 163.x.x.x  45

 

163.x.x.x = IP number of the ISA's external NIC

64.14.x.x = the remote webserver that requires authentication and SSL
encryption.

 

I can't figure out why in the world the ISA server is using the port 137
instead of 443 to connect to the remote webserver. I tried disabling
firewall client, but same result. However, I tried this application
using another ISA server as a gateway from the same client. The
application didn't have any problem connecting. It's this particular
ISA server that has a problem. Any help is greatly appreciated.

 

Thanks
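
Added example (not part of the original thread or of any ISA Server tooling): a small Python triage of packet filter log lines in the shape quoted above, grouping BLOCKED packets by protocol and destination port so the UDP 137 entries (the NetBIOS name service port) are counted separately from any TCP 443 traffic. The field order is an assumption inferred from the quoted lines, and the sample addresses are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the shape of the quoted log; addresses are placeholders.
SAMPLE = """\
2005-02-28 18:39:55 203.0.113.10 198.51.100.20 Udp 1708 137 - BLOCKED 203.0.113.10 45
2005-02-28 18:39:55 203.0.113.10 198.51.100.20 Udp 1709 137 - BLOCKED 203.0.113.10 45
2005-02-28 18:39:56 203.0.113.10 198.51.100.20 Udp 1708 137 - BLOCKED 203.0.113.10 45
2005-02-28 18:39:57 203.0.113.10 198.51.100.20 Tcp 4546 443 - BLOCKED 203.0.113.10 45
this line is malformed and is skipped by the parser
"""

# Assumed field order: date time src dst proto src-port dst-port flags action interface
LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\w+)\s+(?P<sport>\d+)\s+"
    r"(?P<dport>\d+)\s+(?P<flags>\S+)\s+(?P<action>\w+)\s+(?P<iface>\S+)"
)

# IANA well-known ports worth naming in a triage summary.
KNOWN = {("udp", 137): "NetBIOS name service", ("udp", 138): "NetBIOS datagram",
         ("tcp", 139): "NetBIOS session", ("tcp", 443): "HTTPS"}

def parse(text):
    """Yield one dict per well-formed log line; anything else is skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["proto"] = rec["proto"].lower()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            yield rec

def summarize_blocked(text):
    """Count BLOCKED packets per (src, dst, proto, dst-port) flow."""
    return Counter((r["src"], r["dst"], r["proto"], r["dport"])
                   for r in parse(text) if r["action"] == "BLOCKED")

def report(text):
    """Return one summary line per blocked flow, most frequent first."""
    return [f"{n:3d}x {s} -> {d} {p}/{port} ({KNOWN.get((p, port), 'unlabelled')})"
            for (s, d, p, port), n in summarize_blocked(text).most_common()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The address fields are matched as opaque tokens, so lines with masked octets such as `163.x.x.x` parse as well.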
