RE: Outbound 8080 fails for some users
- From: Phill Hardstaff <phillh@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 23 Jan 2004 10:54:44 +1100
Brian, as it's not stated are these guys using the web proxy ? Or just
straight NAT clients and that’s it ? A "feauture " of the web proxy is that
it allows connections to non standard ports without protocol rules.
I just tried a few sites on 8080 and they work fine using the proxy, this
for example http://www.ee.ryerson.ca:8080
Cheers
Phill
-----Original Message-----
From: Brian Stone [mailto:brstephe@xxxxxxxxx]
Sent: Friday, 23 January 2004 10:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Outbound 8080 fails for some users
http://www.ISAserver.org
I've come across an odd situation I'm hoping someone has seen before.
Lots of background on this one, so please excuse the length.
W2K Server, SP4, all patches, ISA w/Feature Pack 1. All clients are secure
NAT, I have a client address set to limit the access of certain groups of
internal users by IP (they get a limited set of protocols and only get 4-5
websites due to a restrictive destination set). I also have another group
of machines in a client address set that have no protocol restrictions and
no destination set restrictions. All of this setup works flawlessly and has
for well over a year.
Now here is where it gets fun, all users need to access a webserver using
non-standard port 8080. Sounds pretty simple, right? Create a protocol
rule for outbound 8080 and we're done right? Not exactly. I created an
outbound 8080 rule, permit it for both client address sets and the
non-restricted group can reach the site, the restricted group cannot.
Thinking that this is odd, I added the new site to the destination set as an
allowed host for the restricted group, I entered both www.server.com and
www.server.com:8080, just in case ISA was doing something funning with the
traffic - still no luck.
My next thought was that maybe it was the Listener for Outgoing Web Requests
creating the conflict so I changed the port for that and restart related
services, still no luck.
Running out of ideas on this one, anyone seen (and solved) this before?
Thanks!
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
phillh@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.563 / Virus Database: 355 - Release Date: 17/01/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.563 / Virus Database: 355 - Release Date: 17/01/2004
Other related posts:
