Hi Brian, A single frame isn't too helpful :-) The packet filter and firewall logs would be a lot more helpful. Even more helpful would be to tell where this site and application is so that we can test it. HTH< Tom www.isaserver.org/shinder -----Original Message----- From: brianh@xxxxxxxxxxxxxxxxxxx [mailto:brianh@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 19, 2002 11:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] Need to get application past firewall http://www.ISAserver.org Hello all, I have a firewall setup doing nat with an outside static ip. I have internet access and all seems ok except for one thing. We run one application that connects to the internet to a server on port 2010 for information and port 80 for images. I have not been able to get the application to communicate through the firewall. I know of people running behind a nated router from there isp and all is ok. I see it logging in the NT event log that it is dropping packets but nothing showes up in the ISA logs to indicate why they are being dropped? Bellow is a capture of the packet leving the computer on the way to the firewall. I have opened up the firewall as far as I no how and still no luck. Help!!! 4 5.686987 LOCAL 00105A703632 TCP ....S., len: 0, seq:1883033075-1883033075, ack: 0, win:16384, src: 2673 dst: 2010 BRIAN 63.89.49.205 IP Frame: Base frame properties Frame: Time of capture = 2/19/2002 20:50:30.627 Frame: Time delta from previous physical frame: 0 microseconds Frame: Frame number: 4 Frame: Total frame length: 62 bytes Frame: Capture frame length: 62 bytes Frame: Frame data: Number of data bytes remaining = 62 (0x003E) ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol ETHERNET: Destination address : 00105A703632 ETHERNET: .......0 = Individual address ETHERNET: ......0. = Universally administered address ETHERNET: Source address : 005004D4C31E ETHERNET: .......0 = No routing information present ETHERNET: ......0. = Universally administered address ETHERNET: Frame Length : 62 (0x003E) ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol) ETHERNET: Ethernet Data: Number of data bytes remaining = 48 (0x0030) IP: ID = 0xF1A1; Proto = TCP; Len: 48 IP: Version = 4 (0x4) IP: Header Length = 20 (0x14) IP: Precedence = Routine IP: Type of Service = Normal Service IP: Total Length = 48 (0x30) IP: Identification = 61857 (0xF1A1) IP: Flags Summary = 2 (0x2) IP: .......0 = Last fragment in datagram IP: ......1. = Cannot fragment datagram IP: Fragment Offset = 0 (0x0) bytes IP: Time to Live = 128 (0x80) IP: Protocol = TCP - Transmission Control IP: Checksum = ERROR: CheckSum is 0x0000, Should be 0xCD42 IP: Source Address = 192.168.10.21 IP: Destination Address = 63.89.49.205 IP: Data: Number of data bytes remaining = 28 (0x001C) TCP: ....S., len: 0, seq:1883033075-1883033075, ack: 0, win:16384, src: 2673 dst: 2010 TCP: Source Port = 0x0A71 TCP: Destination Port = 0x07DA TCP: Sequence Number = 1883033075 (0x703CCDF3) TCP: Acknowledgement Number = 0 (0x0) TCP: Data Offset = 28 (0x1C) TCP: Reserved = 0 (0x0000) TCP: Flags = 0x02 : ....S. TCP: ..0..... = No urgent data TCP: ...0.... = Acknowledgement field not significant TCP: ....0... = No Push function TCP: .....0.. = No Reset TCP: ......1. = Synchronize sequence numbers TCP: .......0 = No Fin TCP: Window = 16384 (0x4000) TCP: Checksum = 0xB6C0 TCP: Urgent Pointer = 0 (0x0) TCP: Options TCP: Maximum Segment Size Option TCP: Option Type = Maximum Segment Size TCP: Option Length = 4 (0x4) TCP: Maximum Segment Size = 1460 (0x5B4) TCP: Option Nop = 1 (0x1) TCP: Option Nop = 1 (0x1) TCP: SACK Permitted Option TCP: Option Type = Sack Permitted TCP: Option Length = 2 (0x2) 00000: 00 10 5A 70 36 32 00 50 04 D4 C3 1E 08 00 45 00 ..Zp62.P......E. 00010: 00 30 F1 A1 40 00 80 06 00 00 C0 A8 0A 15 3F 59 .0..@.........?Y 00020: 31 CD 0A 71 07 DA 70 3C CD F3 00 00 00 00 70 02 1..q..p<......p. 00030: 40 00 B6 C0 00 00 02 04 05 B4 01 01 04 02 @............. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')