RE: ISA in SBS2000

  • From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 19 May 2005 17:39:52 -0400

Check to see if the request is making it to the ISA server. What do the
logs say about this inbound connection?

 

FYI: Someone has messed with the ISA configuration on the SBS server.
Out of the box, it requires the firewall client for any user to use the
Internet.

 

Amy

 

Harbor Computer Services

Small Business Computer Specialists

 

Client Blog: http://smalltechnotes.blogspot.com/

Tech Blog: http://isainsbs.blogspot.com/

Help: http://helpdesk.harborcomputerservices.net/

Website: http://www.harborcomputerservices.net/

 

________________________________

From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, May 19, 2005 9:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA in SBS2000

 

http://www.ISAserver.org

Your ADSL router is blocking the inbound connection. Reconfigure it in
Bridge mode and give the ISA server external NIC the public IP address.

 

John T

eServices For You

 

-----Original Message-----
From: keith [mailto:keith@xxxxxxxxxxxxxx] 
Sent: Thursday, May 19, 2005 2:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA in SBS2000

 

I have searched isaserver.org looking for a solution to a particular
problem and am now desperate for help.

 

My problem is this:

 

A customer of mine has a new EDI solution to communicate with
Asda/Walmart.

 

They run SBS2000 with the network setup as follows, the gateway is an
adsl router with an external address 81.x.x.x and an internal address
192.168.211.x/30 which is directly connected to the external card of the
SBserver 192.168.211.x/30.

 

The internal network is a 192.168.220.x/24 network. The EDI PC running
Win XP Pro sits on the internal network with a 192.168.220.x/24 static
address.

 

Asda/Walmart are trying to send test data to the EDI Software known as
AS2 via the 81 address.

 

I have created protocol rules and filters and everything I can think of
in the isa firewall but the data still does not get through to the pc,
although the pc can communicate to them, I can also ping and traceroute
to them. 

 

I have tried to setup the ISA firewall as requested in the software
documentation: as follows -

 

For communication To Wal-mart open destination 161.165.202.30 on port
5080

 

For communication From Wal-mart listen for source from: 161.165.202.24
to 161.165.202.29 inclusive using a source port between 1023 and 65535

 

I have checked that the server is configured for inbound connections and
it is set to the default, listening on the external address on port 80.

 

I have tried to set a protocol definition and rule to allow tcp inbound,
I have tried a publishing rule which publishes the service to the
internet through the firewall I have even opened all ports from all
sources to all destinations, still no luck.

 

A number of suggestions have been made which require the PC to be a
Firewall client, when I make the PC a client it stops the rest from
working, the PC cannot get on the internet and the EDI desktop doesn't
work and anyway none of the other PC's have firewall client installed.

 

The PC can send to the test server and install secure certificates from
Walmart but I can't get a reply. When they send a test message they just
get Unable to connect to remote peer as below

 

CONTEST: 2005.04.15 06:52:44.556 847703 HPOS OK Outbound session started
- workorder=(41574805) mbox=(RHGbg6Sp) batch=(#331163) attempt=(1 of 1)
CONTEST: 2005.04.15 06:52:44.886 847703 EXCE OK File extracted - [403]
bytes
CONTEST: 2005.04.15 06:52:46.406 847703 HPOS ERR Unable to connect to
remote peer
CONTEST: 2005.04.15 06:52:46.406 847703 HPOS OK One or more errors
occured with this transaction. m_nErr=[150f]
CONTEST: 2005.04.15 06:52:46.556 PNOC OK ** Batch (331163) (EDIINTDATA)
notice stored in database **
CONTEST: 2005.04.15 06:52:46.686 847703 HPOS OK Outbound session
stopping - batch=[#331163]

Any step by step help to get this problem solved would be much
appreciated.

Kind Regards

 

Keith Bath BEM,CCNP,CCNA
Waterlight Solutions
www.waterlight-solutions.co.uk
Tel: 01743340791
Mob: 07803603080
Fax: 08707064901

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: