RE: Rules not working.
- From: Erik Sojka <esojka@xxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 2 May 2002 11:29:25 -0400
I enabled those settings on the logs and tried to access again. As a test I
entered http://www.google.com:8000 in the IE address bar.
Here is the relevant snippet from the ISA web log file (wrappage):
192.9.201.51, NBME\ESojka, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0), -, 5/1/2002, 17:03:30, -, PROXY, -, www.google.com, 216.239.39.101,
8000, 3203, 626, 0, http, -, GET, http://www.google.com:8000/, -, Inet,
10061, -, General Web Access, Allow rule
I get the 10061 return code from ISA. IE (with friendly errors turned off)
gives the following:
10061 - Connection refused
Internet Security and Acceleration Server
----------------------------------------------------------------------------
----
Technical Information (for support personnel)
Background:
The server you are attempting to access has refused the connection with the
gateway. This usually results from trying to connect to a service that is
inactive on the server.
ISA Server: proxy.nbme.org
Via:
Here are the relevant snippets from the ISA firewall log file:
5/1/2002, 17:03:27, 65.207.85.80, 216.239.39.101, Tcp, 50823, 8000, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:27, 216.239.39.101, 65.207.85.80, Tcp, 8000, 50823, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:27, 65.207.85.80, 216.239.39.101, Tcp, 50823, 8000, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:27, 216.239.39.101, 65.207.85.80, Tcp, 8000, 50823, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:28, 65.207.85.80, 216.239.39.101, Tcp, 50823, 8000, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:28, 216.239.39.101, 65.207.85.80, Tcp, 8000, 50823, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:28, 65.207.85.80, 216.239.39.101, Tcp, 50828, 8000, -,
ALLOWED, 65.207.85.80, -, -
5/1/2002, 17:03:28, 216.239.39.101, 65.207.85.80, Tcp, 8000, 50828, -,
ALLOWED, 65.207.85.80, -, -
And, here's the log from the Pix firewall (wrappage) :
2002-05-01,17:03:27,192.9.200.96,23,2,%PIX-2-106002: tcp connection denied
by outbound list 2 src 65.207.85.80 50823 dest 216.239.39.101 8000
192.9.201.51 is my workstation.
65.207.85.80 is the external interface of the ISA box.
216.239.39.101 is www.google.com
192.9.200.96 can be ignored; The Pix log is actually squirted to a Syslog
server; From the syslog server's POV, the log message is coming from the
internal interface of the Pix.
So, These things together lead me to believe that that ISA is passing the
request through.
> -----Original Message-----
> From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, May 01, 2002 4:33 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Rules not working.
>
>
> http://www.ISAserver.org
>
>
> Hi Erik,
>
> OK, let's try to get to the bottom of this problem!
>
> In your Firewall log, configure it to log Rule#1 and Rule#2. This will
> give you information about what Protocol Rule and Site and
> Content Rule
> is allowing the requests through the ISA Server.
>
> HTH,
> Tom
> www.isaserver.org/shinder
>
>
Other related posts:
