Outbound 8080 fails for some users

  • From: "Brian Stone" <brstephe@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 22 Jan 2004 16:49:05 -0700

I've come across an odd situation I'm hoping someone has seen before. 
Lots of background on this one, so please excuse the length.

W2K Server, SP4, all patches, ISA w/Feature Pack 1.  All clients are
SecureNAT, I have a client address set to limit the access of certain
groups of internal users by IP (they get a limited set of protocols and
only get 4-5 websites due to a restrictive destination set).  I also have
another group of machines in a client address set that have no protocol
restrictions and no destination set restrictions.  All of this setup works
flawlessly and has for well over a year.

Now here is where it gets fun, all users need to access a webserver using
non-standard port 8080.  Sounds pretty simple, right?  Create a protocol
rule for outbound 8080 and we're done right?  Not exactly.  I created an
outbound 8080 rule, permitted it for both client address sets and the
non-restricted group can reach the site, the restricted group cannot.

Thinking that this is odd, I added the new site to the destination set as
an allowed host for the restricted group, I entered both www.server.com
and www.server.com:8080, just in case ISA was doing something funny with
the traffic - still no luck.

My next thought was that maybe it was the Listener for Outgoing Web
Requests creating the conflict so I changed the port for that and restarted
related services, still no luck.

Running out of ideas on this one, anyone seen (and solved) this before?

Thanks!



