I wasn't walking out of the door, but I was pretty close to it. =) Sorry, ISA 2004 SE, this ISA Server also provides VPN access to remote users and authenticates oubound access.. We also have OWA with FBA published thru HTTPS. This webserver will provide access to some web pages for customers thru HTTPS, it was previously in the Internal network. Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. >>> Jim@xxxxxxxxxxxx 2/2/2006 17:52 >>> http://www.ISAserver.org Rule#1 = do *NOT* change any ISA configuration as you walk out the door Rule#2 - please tell us: - what ISA version - what ISA edition - what other ISA configuration exists - what design silliness made you split your AD members across your firewall? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Thursday, February 02, 2006 11:33 To: [ISAserver.org Discussion List] Subject: [isalist] Traffic denied from DMZ to Internal http://www.ISAserver.org Guys, This is as ridiculous as it looks. I've implemented a DMZ today on a customer, configured as follows: Web server ISA Server (192.168.0.2/30) -------------- (192.168.0.1/30) Created the network object for the DMZ network (only worked when I put the 192.168.0.0/24 range), Created access rules for configuring the Web server from the ISA box (as i'm working remotely), configured it, created web publishing rules, created rules that allowed authentication against the DC's and access into a MSSQL database that the site needs. When I was done and ready to pack and leave, I deleted the rule that allowed access to the web server from the ISA box, and created another one that allowed access from the admin's workstation into the web server. As soon as I applied that, the server on the DMZ can't access any resources on the Internal net, ISA drops simply everything even if I tell it "yeah yeah let it do whatever it wants". Network rules are in place and apparently working. I've created all sorts of "Allow all" rules and I can't make the Web server authenticate against my DC's again. The logs show that the connection was denied, however it won't show which rule dropped the traffic. (empty row) What could be wrong in here? Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscr ibed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx