RE: Help Configuring a rule

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 15 Jan 2003 18:51:08 -0600

Hi Greg,

At this point I would fire up the packet sniffer on the client, the
internal interface of the ISA Server and the external interface of the
ISA Server all at the same time and see the details of the conversation.

HTH,
Tom
www.isaserver.org/shinder


-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] 
Sent: Tuesday, January 14, 2003 9:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help Configuring a rule


http://www.ISAserver.org


Tom,
The Firewall service logs mention nothing about this connection attempt.

Thanks,
Greg
----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 14, 2003 7:33 PM
Subject: [isalist] RE: Help Configuring a rule




Hi Greg,

Create a protocol def and protocol rule to support the protocol. Make
sure no secondary connections are required. Confirm you have complete
knowledge of the protocol and that the vendor isn't feeding you a line.
What do the firewall services logs say? They should list the .exe name
and a result code.

Thanks!
Tom
www.isaserver.org/shinder


-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Tuesday, January 14, 2003 12:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Help Configuring a rule




I have an application that I am trying to access through my ISA server.
This application is a Java web-based application. Without
adding any rules and trying to access the application I get this in the
ISA IP logs

2003-01-14 17:52:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 BLOCKED 12.32.70.210
2003-01-14 17:52:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 BLOCKED 12.32.70.210
2003-01-14 17:53:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
2003-01-14 17:53:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
2003-01-14 17:53:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
2003-01-14 17:53:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210

Okay so I can see that port 40002 is blocked both inbound and outbound.

So I create an IP packet filter and allow Remote port 40002 and Local
Port dynamic for TCP 40002 direction set to Both.

Now when I try to access the application I get this ISA IP log

2003-01-14 17:55:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 ALLOWED 12.32.70.210
2003-01-14 17:55:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 ALLOWED 12.32.70.210
2003-01-14 17:55:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
2003-01-14 17:55:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
2003-01-14 17:55:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
2003-01-14 17:55:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210


However the application fails to start as if something else is still
being blocked.

I've tried to access this application from the server that is running
ISA, from a computer sitting behind the ISA server, I've tried
it on systems running SecureNAT, running the Firewall Client. The only
system that I've been able to get it to work on is a laptop
that I've set up on the internet with a public IP address that is not
behind the ISA server and it works fine.

Could the problem be with the NAT? Any other ideas that may help?

Thanks,

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
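
Added example (not part of the original thread, and not ISA Server tooling): a small parser for the IP packet filter log format quoted above that groups BLOCKED entries by remote port and direction and reports those on ports no existing filter covers, which is one way to spot the secondary connections mentioned in the replies. The field order is inferred from the quoted log lines, and the entry for remote port 40003 is constructed for illustration.

```python
from collections import Counter

# Field order inferred from the log excerpt quoted in the thread (an assumption):
# date time src_ip dst_ip proto src_port dst_port action interface_ip
FIELDS = ("date", "time", "src", "dst", "proto", "sport", "dport", "action", "iface")

# First three entries are copied from the thread, wrapped as they were mailed.
# The last entry (remote port 40003) is constructed for this example.
SAMPLE = """\
2003-01-14 17:52:29 12.32.70.210 207.135.149.103 Tcp
10984 40002 BLOCKED 12.32.70.210
2003-01-14 17:52:47 12.32.70.210 207.135.149.103 Tcp
10949 40002 BLOCKED 12.32.70.210
2003-01-14 17:53:04 207.135.149.103 12.32.70.210 Tcp
40002 10949 BLOCKED 12.32.70.210
2003-01-14 17:55:40 12.32.70.210 207.135.149.103 Tcp
10990 40003 BLOCKED 12.32.70.210
"""

def parse(text):
    """Parse log text into records; entries wrapped over two lines are rejoined."""
    tokens = text.split()
    if len(tokens) % len(FIELDS):
        raise ValueError("truncated or malformed log entry")
    records = []
    for i in range(0, len(tokens), len(FIELDS)):
        rec = dict(zip(FIELDS, tokens[i:i + len(FIELDS)]))
        if rec["action"] not in ("BLOCKED", "ALLOWED"):
            raise ValueError(f"unexpected action field: {rec['action']!r}")
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        records.append(rec)
    return records

def blocked_flows(records):
    """Count BLOCKED entries per (remote_ip, proto, remote_port, direction)."""
    flows = Counter()
    for r in records:
        if r["action"] != "BLOCKED":
            continue
        if r["src"] == r["iface"]:      # packet left the logging interface
            flows[(r["dst"], r["proto"], r["dport"], "out")] += 1
        else:                           # packet arrived from the remote host
            flows[(r["src"], r["proto"], r["sport"], "in")] += 1
    return dict(flows)

def secondary_candidates(records, filtered_ports):
    """Blocked flows on remote ports that no existing packet filter covers."""
    return {k: n for k, n in blocked_flows(records).items()
            if k[2] not in filtered_ports}

if __name__ == "__main__":
    for flow, hits in secondary_candidates(parse(SAMPLE), {40002}).items():
        print(flow, hits)
```
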
