RE: Packet filter weirdness

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 24 Apr 2002 06:43:37 -0700

Given the "reverse NAT" entry, I'd say you have a corrupted server
publishing rule.
Use "AD Users and Computers" in "Advanced" view mode and drill down to the
object listed in
CN={2F3B145E-C008-43E0-8AE1-720F62173C0B}.
You'll see the name of the SPR that's choking.
Use the ISA management MMC to remove and recreate the SPR and all will be
well.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: John C. Shepard
To: [ISAserver.org Discussion List]
Sent: Tuesday, April 23, 2002 8:41 AM
Subject: [isalist] RE: Packet filter weirdness


http://www.ISAserver.org


This shows up in the Application Log occasionally, related or not.

Event Type:       Error
Event Source:    Microsoft Firewall
Event Category: None
Event ID:           11001
Date:                4/23/2002
Time:                8:33:43 AM
User:                N/A
Computer:         CERBERUS
Description:
Microsoft Firewall failed. The failure occurred during Initialization of
reverse Network Address Translation (NAT).  because the configuration
property ClientSetsExcluded of the key
LDAP://dc1.seattle.atinera.local/CN={013C3867-DCB6-470A-884D-1DBA2708ACBF},CN=PNATServerMappings,CN=Publishing,CN={2F3B145E-C008-43E0-8AE1-720F62173C0B},CN=Arrays,CN=Fpc,CN=System,DC=seattle,DC=atinera,DC=local
could not be
accessed. Use the source location 3.1061.3.0.1200.166 to report the failure.
The error code in the Data area of the event properties indicates the cause
of the failure. For more information about this event, see ISA Server Help.
The error description is: The system cannot find the file specified.

Data:
0000: 02 00 07 80               ...?

-----Original Message-----
From: John C. Shepard
Sent: Tuesday, April 23, 2002 8:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Packet filter weirdness

Has anyone gotten Filters to work on a 2nd or 3rd IP address for the
external NIC? They seem to work perfectly for the first IP address but not
for any other IP:

External NIC:
IP 1: 123.123.123.1
IP 2: 123.123.123.2

Filters:
#1: Allow, ICMP ping response, External IP 123.123.123.1, All remote
computers
#2: Allow, ICMP ping query, External IP 123.123.123.1, All remote computers
#3: Allow, ICMP ping response, External IP 123.123.123.2, All remote
computers
#4: Allow, ICMP ping query, External IP 123.123.123.2, All remote computers

Results:
Can ping 123.123.123.1 fine, but cannot ping 123.123.123.2.

It's almost like packet filters bind on nothing but the first IP. That is
not the case with Server Publishing Rules. They work fine on the second IP.

What is the explanation?

John
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jshepard@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
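
Added example, not part of the original posts: a short Python script that pulls the LDAP key out of the event 11001 text quoted in this thread, lists the containers in the order you would drill down in AD Users and Computers, and decodes the event's Data bytes. The function names are illustrative, and it assumes the DN contains no escaped commas.

```python
import re

# Description text from the event quoted in the thread, hard-wrapped the way
# a mail client wraps it (the key is split across three lines).
EVENT_TEXT = """\
property ClientSetsExcluded of the key
LDAP://dc1.seattle.atinera.local/CN={013C3867-DCB6-470A-884D-1DBA2708ACBF},C
N=PNATServerMappings,CN=Publishing,CN={2F3B145E-C008-43E0-8AE1-720F62173C0B}
,CN=Arrays,CN=Fpc,CN=System,DC=seattle,DC=atinera,DC=local could not be
accessed. Use the source location 3.1061.3.0.1200.166 to report the failure.
"""
EVENT_DATA = "02 00 07 80"  # "Data:" bytes from the same event


def extract_ldap_path(text):
    """Return (server, dn) for the key named in the event, undoing line wraps."""
    m = re.search(r"LDAP://([^/\s]+)/(.+?)\s+could not be\s+accessed", text, re.S)
    if not m:
        raise ValueError("no LDAP key found in event text")
    return m.group(1), m.group(2).replace("\r", "").replace("\n", "")


def drill_down(dn):
    """Split a DN into (domain, containers ordered from the domain root down)."""
    rdns = [r.split("=", 1) for r in dn.split(",")]  # assumes no escaped commas
    domain = ".".join(v for k, v in rdns if k.upper() == "DC")
    containers = [v for k, v in rdns if k.upper() == "CN"][::-1]
    return domain, containers


def decode_data(hex_bytes):
    """Read the 4 data bytes as a little-endian HRESULT: (value, facility, code)."""
    value = int.from_bytes(bytes.fromhex(hex_bytes), "little")
    return value, (value >> 16) & 0x1FFF, value & 0xFFFF


if __name__ == "__main__":
    server, dn = extract_ldap_path(EVENT_TEXT)
    domain, containers = drill_down(dn)
    print("DC queried:", server)
    print("Path:", domain, "->", " -> ".join(containers))
    value, facility, code = decode_data(EVENT_DATA)
    # Facility 7 is FACILITY_WIN32; Win32 error 2 is ERROR_FILE_NOT_FOUND,
    # which matches "The system cannot find the file specified."
    print(f"HRESULT 0x{value:08X} facility={facility} code={code}")
```

The last container in the printed path is the server mapping object the firewall service could not read, and the fourth is the array GUID to drill down to.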