[isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!
- From: Paul Noble <pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 5 Dec 2006 09:33:12 -0000
http://www.ISAserver.org
-------------------------------------------------------
But tom didn't state pop3 he stated pop3 server which is pulled from your
rule listings you provided.
Unless you're actually hosting a 'mail' server on your local lan or even any
services for the internet to access you really shouldn't have any incoming
rules at all, the default deny incoming should trump all.
If you're just a client pulling data from an isp pop3 server then your
outgoing rule should contact pop3 protocol NOT pop3 server protocol which
you stated.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Tee Darling
Sent: Tuesday, December 05, 2006 6:56 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!
Tom,
What are you talking about now? And what is correct then? If you're
talking about the protocol that was allowed from the Internal network to the
incoming.verizon.net host, then it was POP3 Server protocol that was added
and not Pop3 as you have stated here. Thanks.
T
On 12/5/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
Pop3 server is incorrect.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:
isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> ] On
Behalf Of Steve Moffat
Sent: Monday, December 04, 2006 8:45 PM
To: ISA Mailing List
Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!
Have you any idea how to set up a mail account? It's looking for the
correct username and password.
Are you allowing smtp out to the mail server?
Read the help....it's all covered there.
S
From: isalist-bounce@xxxxxxxxxxxxx [mailto:
isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> ] On
Behalf Of Tee Darling
Sent: Monday, December 04, 2006 7:07 PM
To: ISA Mailing List
Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!
I have a rule in place now to "allow" -->Selected Protocols - POP3
Server --> From Internal --> incoming.verizon.net.
The somehow "good news" is that when I try to "Test Account
Settings.." in Outlook 2003 I received the following info:
Established network connection ---> Completed
Find outgoing mail server (SMTP) ---> Completed
Find incoming mail server (POP3) ---> Completed
Log onto incoming mail server (POP3) -> Failed
Send test e-mail message -> Failed
Note: Before I implemented the rule above, I was receiving "Failed"
through out the above test. Now I am receiving 3 "Completed" and 2 "Failed"
In addition, I received 2 errors now when I do the Test Account
Settings:
1). Send test e-mail message: The specified server was found, but
there was no response from the server. Please verifiy that the port and SSL
information is correct. To access these settings close this dialog, then
click More Settings and click on the Advanced tab
2). Log onto incoming mail server (POP3): The specified server was
found, but there was no response from the server. Please verifiy that the
port and SSl information is correct. To access these settings close this
dialog, then click More Settings and click on the Advanced tab.
Someone out there may have encountered this problem before. Any help
as to how this was resolved?
T
On 12/4/06, Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx> wrote:
You need outbound 110 to the pop3 server, not inbound. Outbound
from internal to incoming.verizon.net host.
t
On 12/4/06 1:23 PM, "Tee Darling" <tee.darling77@xxxxxxxxx> spoketh
to all:
Well, I do have a rule in place for incoming POP3 from the External
to Internal network but I have been getting this error all the time.
T
On 12/4/06, Steve Moffat <steve@xxxxxxxxxx> wrote:
Well yeeesss
You need an access rule on your ISA server to allow POP3 to the mail
server
S
From: isalist-bounce@xxxxxxxxxxxxx [mailto:
isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> > ] On Behalf Of Tee Darling
Sent: Monday, December 04, 2006 4:21 PM
To: ISA Mailing List
Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!
This is what I received when I telnet to my ISP POP3 mail server:
"
C:\>telnet incoming.verizon.net <http://incoming.verizon.net>
<http://incoming.verizon.net> 110
Connecting To incoming.verizon.net...Could not open connection to
the host, on p
ort 110: Connect failed
C:\>
Is there a rule that I have to come up with in order for this to
work?
T
On 12/4/06, Ara Avvali <Ara.Avvali@xxxxxxxxxxxxx> wrote:
No he me means telnet to your isp pop mail server
From: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> <mailto:isalist-bounce@xxxxxxxxxxxxx>
[mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> > ] On Behalf Of Tee Darling
Sent: Monday, December 04, 2006 11:08 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!
If you mean, to telnet inside the LAN from a workstation to the ISA
box, then this is what I received when I do that....--->
C:\>telnet 192.168.35.1 <http://192.168.35.1> <http://192.168.35.1>
110
Connecting To 192.168.35.1...Could not open connection to the host,
on port 110:
Connect failed
C:\>
T
On 12/4/06, Steve Moffat < steve@xxxxxxxxxx
<mailto:steve@xxxxxxxxxx> <mailto:steve@xxxxxxxxxx> > wrote:
Can you telnet to port 110 from your workstations?
S
From: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> <mailto:isalist-bounce@xxxxxxxxxxxxx>
[mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> > ] On Behalf Of Tee Darling
Sent: Monday, December 04, 2006 2:15 PM
To: ISA Mailing List
Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!
Jim,
The answer to your questions is that Yes, traffic does flow
through ISA. All my workstations have the ISA client installed and they
connect to the Internet through the ISA box. The error code given by Outlook
is this --> "0x80042108 Outlook is unable to connect to your incoming POP3
e-mail server".
I did a search at MS knowledge base and I received KB article
318790. This article talks about this info:
SYMPTOMS
When you start Microsoft Outlook, you may not be able to send and
receive messages, and you may receive the following error message:
0x80042108 Outlook is unable to connect to your incoming POP3 e-mail
server.
Error! Filename not specified.
<#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top> Back to the top
<#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top>
CAUSE
This behavior may occur if any of the following conditions are true:
* There are corrupted files on your hard disk.
* You are running Norton Personal Firewall 2002.
* You are running Norton Internet Security software.
* You have installed an update to Microsoft Office.
* The Norton anti-spam add-in is enabled in Outlook.
Note Norton Personal Firewall 2002, Norton Internet Security
software, and the Norton Anti-Spam add-in are supported by Symantec Inc.
Error! Filename not specified.
<#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top> Back to the top
<#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top>
RESOLUTION
To resolve this behavior, remove your Norton Person Firewall or
Norton Internet Security software and then reinstall your Norton Person
Firewall or Norton Internet Security software.
Alternatively, you can use the contact information that is provided
later in this article if you need help.
To remove and then reinstall Norton Person Firewall or to remove and
then reinstall Norton Internet Security software, follow these steps.
----------------------------------------------------------------------------
-----------------------------------------------------
Here is the info for my Client and ISA Ipconfig /all:
"Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
Client IPconfig /all
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : vivace
Primary Dns Suffix . . . . . . . : XXXXXXX.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXXXXXX.net
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys LNE100TX Fast
Ethernet Adapt
er(LNE100TX v4)
Physical Address. . . . . . . . . : 00-03-6D-15-28-95
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.35.25
<http://192.168.35.25> <http://192.168.35.25>
Subnet Mask . . . . . . . . . . . : 255.255.255.0
<http://255.255.255.0> <http://255.255.255.0>
Default Gateway . . . . . . . . . : 192.168.35.1
<http://192.168.35.1> <http://192.168.35.1>
DNS Servers . . . . . . . . . . . : 192.168.35.5
<http://192.168.35.5> <http://192.168.35.5> ---> my Domain IP
192.168.35.1--->
ISA box IP
Ethernet adapter Connection To Verizon:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : CNet PRO200WL PCI Fast
Ethernet Adap
ter
Physical Address. . . . . . . . . : 00-08-A1-22-CE-FC
C:\>
ISA Ipconfig /all
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ISA1
Primary Dns Suffix . . . . . . . : XXXXXXXX.net
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : XXXXXXXX.net
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network
Connection
Physical Address. . . . . . . . . : 00-B0-D0-20-1C-DA
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.35.1
<http://192.168.35.1> <http://192.168.35.1>
Subnet Mask . . . . . . . . . . . : 255.255.255.0
<http://255.255.255.0> <http://255.255.255.0>
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.35.1
<http://192.168.35.1> <http://192.168.35.1>
Ethernet adapter WAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server
Adapter (PILA847
0B)
Physical Address. . . . . . . . . : 00-D0-B7-4D-52-A4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
<http://192.168.1.3> <http://192.168.1.3>
Subnet Mask . . . . . . . . . . . : 255.255.255.0
<http://255.255.255.0> <http://255.255.255.0>
Default Gateway . . . . . . . . . : 192.168.1.1
<http://192.168.1.1> <http://192.168.1.1>
DNS Servers . . . . . . . . . . . : 192.168.35.1
<http://192.168.35.1> <http://192.168.35.1>
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\>c"
Any help please? Thanks
T
On 12/4/06, Jim Harrison < Jim@xxxxxxxxxxxx
<mailto:Jim@xxxxxxxxxxxx> <mailto:Jim@xxxxxxxxxxxx> > wrote:
You're not giving the error codes provided by Outlook.
Using that, you can search MSKB and very often discover your answer.
You also haven't provided any alerts or error events from your ISA.
Does *any* traffic flow through ISA?
What is the ISA ipconfig/all?
What is the test client ipconfig/all?
From: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> <mailto:isalist-bounce@xxxxxxxxxxxxx>
[mailto: isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> > ] On Behalf Of Tee Darling
Sent: Monday, December 04, 2006 3:59 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Verizon DSL and ISA Server 2004 Problem!!!
ISA Gurus,
I just added a Verizon DLS box (Westel 327W) to my network and now
I can't send any e-mail out. Here is the configuration:
I have 2 NICs in my ISA Server 2004. The internal NIC has the IP
range 192.168.35.0 <http://192.168.35.0> <http://192.168.35.0> thru
192.168.35.254 <http://192.168.35.254> <http://192.168.35.254> . The
External NIC is connected to the Verizon DSL box. The DSL box gives out the
DHCP IP range 192.168.1.15 <http://192.168.1.15> <http://192.168.1.15>
thru 192.168.1. 47. I have assigned 192.168.1.3 <http://192.168.1.3>
<http://192.168.1.3> <http://192.168.1.3> to the NIC that is connected to
the DSL . This DSL box by default allows all traffic to exit without
any interferance. I have configured port forwarding for example port
25, port 443, port 110 etc to the appropriate box. I can receive e-mail
on my Exchange Server 2003 without any difficulty but whenever I send
email out from one of my workstations, the email ends up in the queue on the
server and just sits there. Anything I am missing here?
Next, I am a little bit confused as to what kind of route
configuration I need to setup between my internal LAN and the DSL IP range
or if one would like to call it the DMZ. I am not sure if I can call the
area of the DSL IP range as the DMZ. Or would that area be part of the
External network? My plan is to add a 3rd NIC and assign the IP range
10.0.0.0 <http://10.0.0.0> <http://10.0.0.0> thru 10.x.x.254 and call that
zone the DMZ. I haven't done this yet so I am not worry about it now. My
main problem is how to configure the ISA firewall again to let the email go
out from my Exchange Server 2003 box. I just had this problem when I
switched from my cable provider to the DSL provider. I never had this
problem with my cable box which wasn't given out any private IP addresses
out.
I am also having problem making my verizon mail go out from my
internal LAN from one of my machine which has Outlook 2003. Here are the
errors I get from this workstation:
1). Find incoming mail server (POP3): Outlok could not connect to
the incoming mail server (POP3). The problem could be the server name or
port, or your server may not support SSL. Verify your port and SSl settings
in More Settings under the Advanced tab.
2). Find outgoing mail server (SMTP): Outlok could not connect to
the outgoing mail server (POP3). The problem could be the server name or
port, or your server may not support SSL. Verify your port and SSl settings
in More Settings under the Advanced tab.
3). Log onto incoming mail server (POP3): The specified server was
found, but there was no response from the server. Please verify that th
eport and SSL informatoin is correct. To access these settings close the
dialog, then click More Settings and click on the Advanced tab.
4). Find incoming mail server (POP3): Outlok could not connect to
the incoming mail server (POP3). The problem could be the server name or
port, or your server may not support SSL. Verify your port and SSl settings
in More Settings under the Advanced tab.
Any help will be greatly appreciated.
Thanks.
Tee
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
