[isalist] Re: Second connection to certain sites....

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Sun, 7 Jan 2007 21:03:19 -0800

http://www.ISAserver.org
-------------------------------------------------------
  
I'd prefer to see captures of this.
ISA logs are useful, but they can't tell you what was actually passing
between the client/servers.
I serious doubt that there is anything MTU-related here.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Taps
Sent: Sunday, January 07, 2007 8:59 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Second connection to certain sites....

http://www.ISAserver.org
-------------------------------------------------------
  
Those Log connections are to www.llli.org.  The other example in my
original message.  MS Just happens to have the same problems.  But since
a single MS page pulls from multiple servers, I figured it would be
easier to track down this smaller site with the same issue.

As for the logs themselves, I was just trying to illustrate that when I
make a connection from my machine, the firewall makes another one right
after it.


Another forum is saying it may be an MTU issue.  Seeing as how I only
have this problem on one of the 2 DSL Routers I have access to.  So my
next question is... do I change the MTU on the clients?  Or on the ISA
box?  Or both?  Or is there a way to change the MTU for ISA itself?
Since if I stop ISA and use the Win2K3 box directly, I have no issues.

--


Taps@xxxxxxxxxxxx
http://Taps.Iniquity.Org

-  "What spirit is so empty and blind, that it cannot recognize the fact
that the foot is more noble than the shoe, and skin more beautiful than
the garment with which it is clothed?" -- Michaelangelo  (1475 -1564)

-  "Build a man a fire, and he'll be warm for a day. Set a man on fire,
and he'll be warm for the rest of his life." -- Terry Pratchett (1948 -
)

-  "Keep away from people who try to belittle your ambitions. Small
people always do that, but the really great make you feel that you, too,
can become great." -- Mark Twain (1835 - 1910)



-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Sunday, January 07, 2007 11:07 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Second connection to certain sites....

http://www.ISAserver.org
-------------------------------------------------------
  
Neither one of those destination IPs are microsoft. 
Don't' forget; ISA is also a Windows server, and as such will make its
own occasional connections because of CRL lookups, cache updates, etc.

You'll need more than a couple of log entries to sort this out...

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Taps
Sent: Sunday, January 07, 2007 20:01
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Second connection to certain sites....

Also on
http://forums.isaserver.org/Second_connection_to_certain_sites%25%25%25%
25/m_2002035744/tm.htm

 

 

Can someone tell me why ISA 2006 STD would want to make a second
connection to a web server from the localhost.....  And then not pull up
the page I originally asked for???

For instance:
DOOR    2007-01-07    21:53:26    TCP    192.168.69.61:1841
4.71.165.84:80    192.168.69.61    Internal    External    Establish
0x0    Allow All Web    HTTP    N    0    0    0    0    -    -    -
-    -    -    -    -    16    835    -    -    -    2007-01-07 21:53:26
DOOR    2007-01-07    21:53:26    TCP    66.xx.xxx.xx:34926
4.71.165.84:80    66. xx.xxx.xx    Local Host    External    Establish
0x0    -    HTTP    N    0    0    0    0    -    -    -    -    -    -
-    -    11    836    -    -    -    2007-01-07 21:53:26


It doesn't do this for every site.  but one of the main ones it does is
*.microsoft.com.  So getting windows updates ain't happening.  And since
my wife found this when trying to go to http://www.llli.org/ I am
getting all sorts of crap because that one doesn't work either.  

But this isaserver.org, and most of the other site we use do.  Its just
a handful of them that show this.

I am at a loss.  Anyone have a clue where I should start looking?

 

 

 

--

 

 

Taps@xxxxxxxxxxxx

http://Taps.Iniquity.Org

 

-  "What spirit is so empty and blind, that it cannot recognize the fact
that the foot is more noble than the shoe, and skin more beautiful than
the garment with which it is clothed?" -- Michaelangelo  (1475 -1564)

 

-  "Build a man a fire, and he'll be warm for a day. Set a man on fire,
and he'll be warm for the rest of his life." -- Terry Pratchett (1948 -
)

 

-  "Keep away from people who try to belittle your ambitions. Small
people always do that, but the really great make you feel that you, too,
can become great." -- Mark Twain (1835 - 1910)

 

 

 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

• References:
  • [isalist] Second connection to certain sites....
    • From: Taps
  • [isalist] Re: Second connection to certain sites....
    • From: Jim Harrison
  • [isalist] Re: Second connection to certain sites....
    • From: Taps

Other related posts:

• » [isalist] Second connection to certain sites....
• » [isalist] Re: Second connection to certain sites....
• » [isalist] Re: Second connection to certain sites....
• » [isalist] Re: Second connection to certain sites....

1. Home
2. isalist
3. Archive
4. 01-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---