RE: Rules not working.
- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 2 May 2002 13:08:29 -0500
Hi Erik,
You have a Protocol Rule called ALLOWED which is passing the requests
through the ISA Server. That's what I get from the Firewall log.
HTH,
Tom
www.isaserver.org/shinder
-----Original Message-----
From: Erik Sojka [mailto:esojka@xxxxxxxx]
Sent: Thursday, May 02, 2002 10:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Rules not working.
http://www.ISAserver.org
I enabled those settings on the logs and tried to access again. As a
test I
entered http://www.google.com:8000 in the IE address bar.
Here is the relevant snippet from the ISA web log file (wrappage):
192.9.201.51, NBME\ESojka, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0), -, 5/1/2002, 17:03:30, -, PROXY, -, www.google.com,
216.239.39.101,
8000, 3203, 626, 0, http, -, GET, http://www.google.com:8000/, -, Inet,
10061, -, General Web Access, Allow rule
I get the 10061 return code from ISA. IE (with friendly errors turned
off)
gives the following:
10061 - Connection refused
Internet Security and Acceleration Server
------------------------------------------------------------------------
----
----
Technical Information (for support personnel)
Background:
The server you are attempting to access has refused the connection with
the
gateway. This usually results from trying to connect to a service that
is
inactive on the server.
ISA Server: proxy.nbme.org
Via:
Here are the relevant snippets from the ISA firewall log file:
5/1/2002, 17:03:27, 65.207.85.80, 216.239.39.101, Tcp, 50823, 8000, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:27, 216.239.39.101, 65.207.85.80, Tcp, 8000, 50823, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:27, 65.207.85.80, 216.239.39.101, Tcp, 50823, 8000, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:27, 216.239.39.101, 65.207.85.80, Tcp, 8000, 50823, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:28, 65.207.85.80, 216.239.39.101, Tcp, 50823, 8000, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:28, 216.239.39.101, 65.207.85.80, Tcp, 8000, 50823, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:28, 65.207.85.80, 216.239.39.101, Tcp, 50828, 8000, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:28, 216.239.39.101, 65.207.85.80, Tcp, 8000, 50828, -,
ALLOWED, 65.207.85.80, -, -
And, here's the log from the Pix firewall (wrappage) :
2002-05-01,17:03:27,192.9.200.96,23,2,%PIX-2-106002: tcp connection
denied
by outbound list 2 src 65.207.85.80 50823 dest 216.239.39.101 8000
192.9.201.51 is my workstation.
65.207.85.80 is the external interface of the ISA box.
216.239.39.101 is www.google.com
192.9.200.96 can be ignored; The Pix log is actually squirted to a
Syslog
server; From the syslog server's POV, the log message is coming from the
internal interface of the Pix.
So, These things together lead me to believe that that ISA is passing
the
request through.
> -----Original Message-----
> From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, May 01, 2002 4:33 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Rules not working.
>
>
> http://www.ISAserver.org
>
>
> Hi Erik,
>
> OK, let's try to get to the bottom of this problem!
>
> In your Firewall log, configure it to log Rule#1 and Rule#2. This will
> give you information about what Protocol Rule and Site and
> Content Rule
> is allowing the requests through the ISA Server.
>
> HTH,
> Tom
> www.isaserver.org/shinder
>
>
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
