RE: Need some insight on denied traffic and web proxies

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Oct 2005 07:50:11 -0500

Hi Milan,

Check out: http://isaserver.org/pages/search.asp?query=ISA+firewall+networks

HTH,
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: "Milan Göllner" [mailto:milan.goellner@xxxxxxxxxxx] 
> Sent: Wednesday, October 12, 2005 6:31 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Need some insight on denied traffic 
> and web proxies
> 
> http://www.ISAserver.org
> 
> Well, I think I solved it, but this is leading me straight to 
> the next question. How does ISA associate networks to actual 
> network cards? Or rather, is there a way for me to force ISA 
> to accept traffic from a certain source on a certain nic? 
> 
> 
> Mit freundlichen Grüßen,
> kind regards, 
> 
> Milan Göllner
> Computer Services & Informationssysteme
> CAE Elektronik GmbH 
> Military Simulation & Training 
> 52220 Stolberg, Germany 
> -- 
> Tel: +49 (2402) 106 691  
> eMail: milan.goellner@xxxxxxxxxxx
> 
> -----Original Message-----
> From: Milan Göllner [mailto:milan.goellner@xxxxxxxxxxx] 
> Sent: Wednesday, October 12, 2005 1:22 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Need some insight on denied traffic 
> and web proxies
> 
> http://www.ISAserver.org
> 
> Just to add to my previous posting, I'm seeing this error:
> FWX_E_FWE_SPOOFING_PACKET_DROPPED 
> 
> 
> Mit freundlichen Grüßen,
> kind regards, 
> 
> Milan Göllner
> Computer Services & Informationssysteme
> CAE Elektronik GmbH 
> Military Simulation & Training 
> 52220 Stolberg, Germany 
> -- 
> Tel: +49 (2402) 106 691  
> eMail: milan.goellner@xxxxxxxxxxx
> 
> -----Original Message-----
> From: Milan Göllner [mailto:milan.goellner@xxxxxxxxxxx] 
> Sent: Wednesday, October 12, 2005 12:09 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Need some insight on denied traffic and web proxies
> 
> http://www.ISAserver.org
> 
> Greetings list,
> 
> I have an issue in the following scenario, my insight into 
> ISA is still somewhat limited so right now I'm failing to 
> understand this.
> 
> I have a default internal network, I have a default external 
> network, I have an added perimeter network
> I have only one nic enabled right now, I'm still testing web 
> proxy features
> I want to enable web proxies for internal and perimeter 
> networks which I think I did correctly, at least everything 
> is working when traffic originates from my internal network
> 
> However: my scenario includes various remote webservers only 
> reachable via vpn tunnels. The remote web servers will only 
> accept traffic originating in our internal network. Whilst 
> playing around with this scenario I noticed the following:
> I have set up an access rule allowing everything from 
> perimeter to ISA server, later on this will again be reduced 
> to whatever is actually needed. On a host in the perimeter I 
> entered the internal IP of ISA as the proxy, the perimeter 
> actually gets 'routed' across a PIX sitting in between as 
> well. I then try to access a remote web server, however, 
> access is denied. ISA's monitor denies access to port 8080. 
> The originating IP is that of the actual host, target is ISA. 
> The access rule permits everything from perimeter to ISA. 
> 
> I created the perimeter network as a network enabling the 
> proxy on it as well as a network range containing the IPs of 
> the perimeter network. I tried combinations of various 
> objects in the access rule, finally opening up everything, 
> but still I get an access denied which I don't get. Where is 
> the error? (I'll gladly accept references to Tom's book or 
> some website, this has probably been discussed somewhere 
> before and I'm sorry if I'm bringing this up again)
> 
> Thank you for your time
> 
> Mit freundlichen Grüßen,
> kind regards, 
> 
> Milan Göllner
> Computer Services & Informationssysteme
> CAE Elektronik GmbH 
> Military Simulation & Training 
> 52220 Stolberg, Germany 
> -- 
> Tel: +49 (2402) 106 691  
> eMail: milan.goellner@xxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: milan.goellner@xxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 

