RE: Packet filter problem
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 9 Apr 2005 22:58:06 -0700
Never
Ever
EVER
Create an "allow all both" packet filter.
This is the equivalent of removing ISA from your server.
Use
The
Logs
..they'll tell you what the application is trying to use.
Guessing only leaves you guessing.
-----Original Message-----
From: tim S [mailto:tim724342@xxxxxxxxx]
Sent: Saturday, April 09, 2005 6:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Packet filter problem
http://www.ISAserver.org
Thanks Jim :)
I am going to run the eithereal and check the logs. However, if you can
clear this for me. Does creating a packet filter with 'ANY' protocol,
'BOTH' directions, 'ALL' local ports and 'ALL' remote ports work? If it
does work, it would be similar to disabling the packet filtering feature
right?
The weird thing is the application works fine if the traffic goes
through the WAN and hits the target server. But if I take the ISA and
put it in a private network where a router to router VPN tunnel connects
the target server, the app has problem. If remove the packet filter,
everything seems to work fine. BTW, the app connects to a SQL server on
a remote network.
Thanks
ts
Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
http://www.ISAserver.org
Use the logs, Luke.
ISA logs all the traffic it sees.
You can read through the packet filter logs to see what traffic
the application is trying to send that gets blocked.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
<http://isaserver.org/Jim_Harrison/>
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
________________________________
From: tim S [mailto:tim724342@xxxxxxxxx]
Sent: Friday, April 08, 2005 14:55
To: [ISAserver.org Discussion List]
Subject: [isalist] Packet filter problem
http://www.ISAserver.org
I have a window 2000/ISA 2000. There is an application that has
to communicate with a server in another location via WAN. The only way
the app seem to communicate with the server is if I disable the IP
packet filtering feature in ISA (no, I didn't disable it in the
production server). I am working on the test ISA server.
I even created a packet filter that allows traffic both ways for
all protocols, all port and all external interface. Still the app can't
communicate. As soon as I disable the packet filtering by selecting the
properties for the IP Packet Filters node, it has no trouble at all
communicating with the server via WAN. Looked at the log but haven't
seen any difference with or without ip packet filtering.
I am at loss. I really appreciate it if someone can help me on
this.
Thanks
ts
________________________________
Yahoo! Messenger
Show us what our next emoticon should look like. Join the fun.
<http://us.rd.yahoo.com/evt=31855/*http:/advision.webevents.yahoo.com/em
oticontest> ------------------------------------------------------ List
Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Other Internet
Software Marketing Sites: World of Windows Networking:
http://www.windowsnetworking.com Leading Network Software Directory:
http://www.serverfiles.com No.1 Exchange Server Resource Site:
http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To
unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tim724342@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Other Internet
Software Marketing Sites: World of Windows Networking:
http://www.windowsnetworking.com Leading Network Software Directory:
http://www.serverfiles.com No.1 Exchange Server Resource Site:
http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To
unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
