Re: AW: Online Banking Issues

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 26 Jun 2003 14:01:03 -0500

Hi Jeff,

Try configuring the site for Direct Access and then configure the client
as SecureNAT and/or Firewall clients.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] 
Sent: Thursday, June 26, 2003 1:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: AW: Online Banking Issues


http://www.ISAserver.org


Tried changing the MTU value to 1400.
Win xp pro all updates and patches IE6 sp1 all updates etc etc
Same with Win 2000 sp3 and all other patches, same browser.

Jeff Sloan 
Network Administrator 
Cross Oil Refining & Marketing, Inc. 
484 E. 6th St. 
Smackover, AR 71762 

Phone 870-864-8688
Fax     870-864-8689 
Cell     870-866-9941 



-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, June 26, 2003 11:59 AM
To: ISALists
Subject: [isalist] Re: AW: Online Banking Issues




Just tried what?

What version of IE?
What OS?
All SP and patches?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com


> -----Original Message-----
> From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx]
> Sent: Thursday, June 26, 2003 8:42 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: AW: Online Banking Issues
> 
> 
> 
> Just tried that, it didn't work...Thanks, though.
> 
> Jeff Sloan
> Network Administrator
> Cross Oil Refining & Marketing, Inc.
> 484 E. 6th St.
> Smackover, AR 71762
> 
> Phone 870-864-8688
> Fax     870-864-8689
> Cell     870-866-9941
> 
> 
> 
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, June 26, 2003 9:23 AM
> To: ISALists
> Subject: [isalist] Re: AW: Online Banking Issues
> 
> 
> 
> 
> > This is what I am suspecting, and I have no problem making a registry
> > change for the oddball site, or a config file change if needed for the
> > same thing, but for national banking firms, they better get their
> > 'stuff' straight. They still say they are working with Microsoft to get
> > it fixed. I'll let the group know when they get it fixed, and what they
> > did if they will tell me.
> 
> Before we shoot the site programmers, it may not be entirely their
> fault.
> 
> I still have a suspicion that it is more of a security firewall issue.
> 
> Here is my conclusion on the issue I was working on for a client a
> month ago:
> 
> "05/19/03 6:00 PM Case wrapup. It appears this issue was caused by a
> change in the way WellsFargo does a security check on the inbound
> packets. The SonicWall is set to fragment outgoing packets at 1404 to
> resolve a blackhole router issue setting up VPN with Toronto, that was
> done in December of 2001. Normally then, if the client does not
> discover the recipient MTU, the firewall will repackage the packets to
> the small size. I received more information about this from the Imail
> Forum group where one person said they are probably blocking ICMP Code
> 3 Type 4 which would screw up the MTU path discovery, which would have
> allowed the client to switch automatically to a smaller MTU size. So, by
> forcing the clients to use a MTU packet size of 1400, the outbound
> packets were never fragmented, and thereby never changed. This also
> requires updates Q810847 and Q813951 to be installed on the client."
> 
> So, if the client, or even their firewall/router, is not able to
> discover the MTU path, and the packets are fragmented at some point,
> the problem appears. This is also why the problem does not occur with
> regular websites, only SSL where there is additional overhead added to
> the packets.
> 
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1 
> Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 


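The path MTU discovery failure described in John Tolmachoff's case wrap-up above, as an added example that is not part of the original thread: a toy Python model of a sender whose full-size packets hit a smaller link while the ICMP feedback is filtered. `Hop`, `send`, `transfer` and the three-hop path are constructed for illustration, and the model assumes the oversized packet is dropped at the small link; the 1404-byte link and the 1400-byte client MTU are the values quoted in the thread.

```python
# Added illustration (not from the thread): toy model of path MTU discovery.
# Hop, send, transfer and the three-hop path are assumptions for this sketch.
from dataclasses import dataclass

@dataclass
class Hop:
    mtu: int                   # largest IP packet the outgoing link carries
    icmp_reaches_sender: bool  # False: a filter drops "fragmentation needed"

def send(size, path):
    """Forward one don't-fragment packet; report what the sender observes."""
    for hop in path:
        if size > hop.mtu:
            # The router must drop it and answer with ICMP Destination
            # Unreachable, "fragmentation needed" (type 3, code 4).
            if hop.icmp_reaches_sender:
                return ("icmp", hop.mtu)
            return ("lost", None)      # silence: sender only sees a timeout
    return ("delivered", None)

def transfer(packet_size, client_mtu, path, max_tries=5):
    """Return (outcome, final_mtu) for a sender starting at client_mtu."""
    mtu = client_mtu
    for _ in range(max_tries):
        result, next_hop_mtu = send(min(packet_size, mtu), path)
        if result == "delivered":
            return ("ok", mtu)
        if result == "icmp":
            mtu = next_hop_mtu         # discovery works: shrink and retry
        # on "lost" the sender learns nothing and retransmits the same size
    return ("black hole", mtu)

def constructed_path(icmp_ok):
    # LAN link, then the 1404-byte link from the thread, then the far side.
    return [Hop(1500, True), Hop(1404, icmp_ok), Hop(1500, True)]

if __name__ == "__main__":
    filtered = constructed_path(icmp_ok=False)
    print(transfer(1500, 1500, constructed_path(icmp_ok=True)))  # discovery works
    print(transfer(1500, 1500, filtered))  # full-size packet never arrives
    print(transfer(300, 1500, filtered))   # small packets still pass
    print(transfer(1500, 1400, filtered))  # client MTU forced to 1400
```

Small packets passing while full-size ones vanish is the pattern to look for when a site loads partially or stalls only on large transfers.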

