RES: Weird problem with ISA 2004

  • From: Frédéric Giroux <fgiroux@xxxxxxxxxx>
  • To: "ISAserver Discussion List" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 8 Jun 2005 15:02:09 -0400

Hi guys!

It seems I finally found the source of my problem. When logged on, ISA 
intercepts the external SMTP request and tries to send it to the internal 
server as his. Since there is no rule allowing this type of communication from 
ISA to the internal server, it fails. When I log off, the request is treated 
normally as from the external to the internal server. After I realized that, I 
created a rule allowing SMTP traffic from ISA to the internal server and it 
worked.

Now, this can't be normal or by design. Is this a flaw somehow? I don't know 
but at least it now works when a session is opened at the console.

Any insight on the matter?

Thanks!

Fred

_____________________________________
Frederic Giroux, technical director
Niveau3 inc.
IT Consultants
fgiroux@xxxxxxxxxx
www.niveau3.ca
514-352-4782 (ext. 223)
514-352-9126 (fax)
866-477-4782 (toll free)


Original message:

Hello All!

I'm having a weird problem with ISA 2004:

When no user is logged to ISA, it works flawlessly. As soon as I, or any user, 
log on, most inbound ports become blocked. SMTP, POP and a few others are 
blocked. HTTP and DNS keep working. No errors in logs (except for a half scan 
attack a few days ago), no sign whatsoever of what could be the cause. Windows 
event logs are free of anything suspicious.

I tried disabling the SMTP filter and the POP filter (which are blocked when 
logged on). For some obscure reason, the ports opened up again. I reactivated 
the filters, down they go. Log off... Back up again.

However, I have an activity/port monitoring scanner on an external server (A1 
Monitoring). When the filters were turned off, it started having all kinds of 
trouble monitoring the local server. It would say that the server was down 
despite the fact that it was responding fine using Telnet. After I re-enabled 
the filters, A1 Monitoring started working fine again (after I logged off of 
course ;-) ).

FYI, the SMTP filter is on but not configured. I use Brightmail so I have no 
use for it.

The symptoms, more precisely, are as follows:

It's as if the routing was incorrect. I mean that when I Telnet port 25 from 
a remote computer, I get a connection but no reply (the SMTP banner doesn't 
show). I tried to monitor the connection from within ISA and it is as if no 
reply was sent to the remote computer.

I don't know what could be the cause of this. I did not make many changes 
before it happened but I must add that this ISA has been up for only 45 days. I 
noticed the problem 10 days ago.

Rules are fine. If they were the problem, it wouldn't work while logged out 
(unless MS is hiding something :-))) ).

Thanks for any help you can provide.
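
The symptom described in the original message (a connection to port 25 is accepted but the SMTP banner never shows) can be told apart from a closed port with a small probe. This is an added example, not part of the original posts; the function names, state labels and the constructed local listener are assumptions for illustration.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Classify a listener as 'no_connect', 'silent' or 'banner'.

    Returns (state, detail); detail is the greeting line or the error text.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:            # refused, filtered or unreachable
        return "no_connect", str(exc)
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # An SMTP server speaks first: wait for one greeting line.
            while b"\n" not in data and len(data) < 1024:
                chunk = sock.recv(256)
                if not chunk:         # peer closed without greeting
                    break
                data += chunk
        except socket.timeout:
            pass                      # handshake completed, nothing sent
        except OSError as exc:
            return "silent", str(exc)
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("220"):
        return "banner", line
    return "silent", line or "connected, no greeting before timeout"

def demo_listener(greeting):
    """Constructed listener on 127.0.0.1; sends greeting, or nothing if None."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if greeting:
            conn.sendall(greeting)
        threading.Event().wait(1.0)   # hold the connection open
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_smtp("127.0.0.1", demo_listener(b"220 mail.example.test ESMTP\r\n"), 0.5))
    print(probe_smtp("127.0.0.1", demo_listener(None), 0.5))
```

A "silent" result from outside combined with a "banner" result when probing the mail server directly from the internal network points at the device in between rather than at the mail server.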

