Re: Please help

Yes of course. I?ve found an article from technet Q299959 that states
ISA does not nanage routing well between external and DMZ nics.

 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Sunday, June 16, 2002 2:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Please help

 

http://www.ISAserver.org

Do you have "Enable IP Routing" enabled in IP Packet Filtering
properties?

 

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message ----- 

From: Radu <mailto:radu.cruceana@xxxxxxxxxxxx>  Cruceana 

To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx>  Discussion List] 

Sent: Saturday, June 15, 2002 12:35 PM

Subject: [isalist] Re: Please help

 

http://www.ISAserver.org

The same result is obtained also for DNS query packets or telnet in port
110. 

The problem is not ICMP related.

I have to publish those servers on the DMZ interface on ISA server.

When I analized the traffic with Network Monitor, I saw that the packets
are not routed from the external to DMZ interface.

It works after disabling/enabling of each interface but when I restart
the server or the Firewall service, it stop working again.

 

 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Saturday, June 15, 2002 10:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Please help

 

http://www.ISAserver.org

ISA blocks inbound ICMP by default (ping floods are a really basic DoS
technique).

Besides, ICMP doesn't guarantee traffic flow for other protocols..

Create packet filters for DNS / SMTP traffic between the 62.231.68.<ip>
and the linux host.

 

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message ----- 

From: Radu Cruceana <mailto:radu.cruceana@xxxxxxxxxxxx>  

To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx>  Discussion List] 

Sent: Saturday, June 15, 2002 9:47 AM

Subject: [isalist] Please help

 

http://www.ISAserver.org

Hi,

Please help a desperate man. I have the following configuration:


                              

Internet ->  62.231.68.x/24 --ISA--192.168.0.0/24 -> Internal LAN

                               |

                         212.93.159.61/30 (Isa Interface to DMZ)

                               |

                               |

                               |

                         212.93.159.62/30 (Linux mail Server on DMZ)

 

So, From Internet I have ping on Linux Server but I don?t have on ISA
interface to DMZ.

Routing is enabled and packet filters are specified with subnet for DMZ
so it should include 

the 212.93.159.61. 

If I disable the interface to Internet and the interface to dmz and
reenable

them everything it?s working ok. After that, if I restart the firewall
service or if I reboot the machine bye bye ping on 212.93.159.61 from
Internet.

 

Also if I stop the firewall service I have ping on 212.93.159.61.

 

This interface is crucial because I have to publish on it a dns server
and a mail server.

I?ve also try put specific packet filters for it but no result.

I don?t know what to do anymore (except to hang myself).

Thx a lot in advance.

 

 

                                                  

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
radu.cruceana@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
radu.cruceana@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


BEGIN:VCARD
VERSION:2.1
N:Cruceana;Radu
FN:Radu Cruceana (Radu Cruceana)
ORG:Global Business Software S.R.L.
TITLE:I.T. Manager
TEL;WORK;VOICE:(21) 301-7462
TEL;CELL;VOICE:(744) 686-498
TEL;WORK;FAX:(21) 301-7475
ADR;WORK:;;2-4 Marasesti Street,;Sector 4 Bucharest;;;Romania
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:2-4 Marasesti Street,=0D=0ASector 4 
Bucharest=0D=0ARomania
URL;WORK:http://www.adholding.ro
EMAIL;PREF;INTERNET:radu.cruceana@xxxxxxxxxxxx
REV:20020616T113852Z
END:VCARD

Other related posts: