Re: Help Configuring a rule

  • From: "Jim Harrison [ISAQFE]" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 15 Jan 2003 08:00:36 -0800

It appears that you have some blocking rule in place.
Can you send a snip from the FW log for that connection?

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org

 Read the help, books and articles!

----- Original Message -----
From: "Greg Foulks" <greg.foulks@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 14, 2003 19:40
Subject: [isalist] Re: Help Configuring a rule


http://www.ISAserver.org


Jim,
30 sec, 5 minutes; I even restarted the services.

Greg

----- Original Message -----
From: "Jim Harrison [ISAQFE]" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 14, 2003 7:43 PM
Subject: [isalist] Re: Help Configuring a rule


> Hi Greg,
> How long after rule creation did you wait to test?
> It takes about 30 secs for any policy changes to take effect...
>
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG
>  http://www.microsoft.com/isaserver
>  http://isaserver.org/pages/author_index.asp?aut=3
>  http://isatools.org
>
>  Read the help, books and articles!
>
> ----- Original Message -----
> From: "Greg Foulks" <greg.foulks@xxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, January 14, 2003 14:56
> Subject: [isalist] Re: Help Configuring a rule
>
>
> Jim,
> I tried to create a protocol rule using a Protocol Definition and it still
> fails.
>
> Here is the log after creating a Protocol rule to allow outbound 40002 and
> Inbound 40002
>
> 2003-01-14 22:46:54 12.32.70.210 207.135.149.103 Tcp 21971 40002 BLOCKED 12.32.70.210
> 2003-01-14 22:47:00 12.32.70.210 207.135.149.103 Tcp 21971 40002 BLOCKED 12.32.70.210
>
> Looking at the log here it looks like 40002 is not even able to get out.
>
> Greg Foulks, MCP
> NewFound Technologies, Inc.
> http://www.nfti.com
> Email: greg.foulks@xxxxxxxx
> Voice: 614.318.5036
> Fax: 614.318.5005
>
>
> -----Original Message-----
> From: Jim Harrison [ISAQFE] [mailto:jim@xxxxxxxxxxxx]
> Sent: Tuesday, January 14, 2003 5:16 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Help Configuring a rule
>
>
> Yes, it could very well be NAT that's killing the app.
> You stated that you're testing from behind ISA; in that case, you need to
> create a protocol definition for that app and use it in a protocol rule.
>
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG
>  http://www.microsoft.com/isaserver
>  http://isaserver.org/pages/author_index.asp?aut=3
>  http://isatools.org
>
>  Read the help, books and articles!
>
> ----- Original Message -----
> From: "Greg Foulks" <greg.foulks@xxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, January 14, 2003 10:04
> Subject: [isalist] Help Configuring a rule
>
>
> I have an application that I am trying to access through my ISA server.
> This application is a Java web-based application. Without
> adding any rules and trying to access the application I get this in the
> ISA IP logs
>
> 2003-01-14 17:52:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 BLOCKED 12.32.70.210
> 2003-01-14 17:52:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 BLOCKED 12.32.70.210
> 2003-01-14 17:53:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
> 2003-01-14 17:53:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
> 2003-01-14 17:53:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
> 2003-01-14 17:53:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 BLOCKED 12.32.70.210
>
> Okay so I can see that port 40002 is blocked both inbound and outbound.
>
> So I create an IP packet filter and allow Remote port 40002 and Local Port
> dynamic for TCP 40002 direction set to Both.
>
> Now when I try to access the application I get this ISA IP log
>
> 2003-01-14 17:55:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 ALLOWED 12.32.70.210
> 2003-01-14 17:55:47 12.32.70.210 207.135.149.103 Tcp 10949 40002 ALLOWED 12.32.70.210
> 2003-01-14 17:55:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
> 2003-01-14 17:55:08 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
> 2003-01-14 17:55:17 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
> 2003-01-14 17:55:32 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210
>
>
> However the application fails to start as if something else is still being
> blocked.
>
> I've tried to access this application from the server that is running ISA,
> from a computer sitting behind the ISA server, I've tried
> it on systems running SecureNAT, running the Firewall Client. The only
> system that I've been able to get it to work on is a laptop
> that I've set up on the Internet with a public IP address that is not behind
> the ISA server and it works fine.
>
> Could the problem be with the NAT? Any other ideas that may help?
>
> Thanks,
>
> Greg Foulks, MCP
> NewFound Technologies, Inc.
> http://www.nfti.com
> Email: greg.foulks@xxxxxxxx
> Voice: 614.318.5036
> Fax: 614.318.5005
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
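
Added example, not part of the original thread and not ISA Server code: a small parser for the IP packet filter log lines quoted above that reports, per port, which direction is still being blocked. The field layout (including reading the last field as the ISA interface address) is inferred from the quoted lines and is an assumption.

```python
import re
from collections import Counter

# Field layout inferred from the log lines quoted in this thread (an assumption,
# not taken from ISA Server documentation):
# date time src_ip dst_ip protocol src_port dst_port action interface_ip
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<proto>\S+) (?P<sport>\d+) (?P<dport>\d+) "
    r"(?P<action>BLOCKED|ALLOWED) (?P<iface>\S+)$"
)

def parse_line(line):
    """Strip mail quoting ('> ') and return the fields as a dict, or None."""
    m = LINE_RE.match(re.sub(r"^(>\s*)+", "", line.strip()))
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    # Assumption: the last field is the ISA interface that saw the packet.
    rec["direction"] = "outbound" if rec["src"] == rec["iface"] else "inbound"
    return rec

def summarize(lines, service_port):
    """Count (direction, action) pairs for traffic to or from service_port."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if service_port in (rec["sport"], rec["dport"]):
            counts[(rec["direction"], rec["action"])] += 1
    return dict(counts)

def diagnose(counts):
    """Turn the counts into the one-line reading a reviewer would give."""
    blocked = sorted(d for (d, a) in counts if a == "BLOCKED")
    if blocked:
        return "still blocked: " + ", ".join(blocked)
    if counts:
        return "filter allows this port; the failure is elsewhere"
    return "no entries for this port"

# Entries from the thread, with the mail line-wrap rejoined.
AFTER_PROTOCOL_RULE = [
    "> 2003-01-14 22:46:54 12.32.70.210 207.135.149.103 Tcp 21971 40002 BLOCKED 12.32.70.210",
    "> 2003-01-14 22:47:00 12.32.70.210 207.135.149.103 Tcp 21971 40002 BLOCKED 12.32.70.210",
]
AFTER_PACKET_FILTER = [
    "> 2003-01-14 17:55:29 12.32.70.210 207.135.149.103 Tcp 10984 40002 ALLOWED 12.32.70.210",
    "> 2003-01-14 17:55:04 207.135.149.103 12.32.70.210 Tcp 40002 10949 ALLOWED 12.32.70.210",
]

if __name__ == "__main__":
    for name, log in (("protocol rule", AFTER_PROTOCOL_RULE), ("packet filter", AFTER_PACKET_FILTER)):
        print(name, "->", diagnose(summarize(log, 40002)))
```
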

