[isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!

  • From: Paul Noble <pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 5 Dec 2006 11:43:42 -0000

http://www.ISAserver.org
-------------------------------------------------------
  
I did, I went back and re read you OP email... paragraphs man!

I didn't think it worth clarifying further, as steve says, it still needs
the outgoing rule on the bog standard pop3 protocol rather than pop3 server.
The pop3 server protocol should be used for publishing your own server only
and in a separate rule to any outgoing stuff (if the servers even to be
accessible outside on the internet). 

At least that's how I'd do it.

Last thing, verbosity in error reporting isnt a great thing, get to the
point asap with as focused sentences as possible, filling it with words will
just turn people off reading it, responding to people who point out errors
in your statement or diagnosis with emotive responses isnt going to help any
situation either, reread everything you have to post twice before posting,
you'd see errors like your response to tom upon review.

My experience of this list so far has actually been mostly solved before I
even clicked on 'send' due to having to lay out my problem in as logical and
'to the point' as possible language, walking myself thru the problem at hand
and writing it out has helped me solve the problems myself. Any problems
beyond that which I have posted I've later pinned down to non ISA things
anyway so the response I got was appropriate.

Paul.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Tee Darling
Sent: Tuesday, December 05, 2006 10:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!

Paul,
Maybe if you have taken some time and read all the e-mails related to this
incident I first reported, you would have known that first, I have a mail
server sitting inside the internal LAN, and second just be'cos I am  using
Verizon DSL, I have been trying to setup Outlook 2003 on one of my
workstations to access my verizon e-mails. So now you really know what is
going on here. 

Do you have any more ideas to help make what I am trying to do here work?

Thanks.

T


On 12/5/06, Paul Noble < pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx
<mailto:pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx> > wrote:

        http://www.ISAserver.org 
        -------------------------------------------------------
        
        But tom didn't state pop3 he stated pop3 server which is pulled from
your
        rule listings you provided.
        
        Unless you're actually hosting a 'mail' server on your local lan or
even any 
        services for the internet to access you really shouldn't have any
incoming
        rules at all, the default deny incoming should trump all.
        
        If you're just a client pulling data from an isp pop3 server then
your
        outgoing rule should contact pop3 protocol NOT pop3 server protocol
which
        you stated.
        
        
        
        -----Original Message-----
        From: isalist-bounce@xxxxxxxxxxxxx [mailto:
isalist-bounce@xxxxxxxxxxxxx] On
        Behalf Of Tee Darling
        Sent: Tuesday, December 05, 2006 6:56 AM
        To: isalist@xxxxxxxxxxxxx 
        Subject: [isalist] Re: Verizon DSL and ISA Server 2004 Problem!!!
        
        Tom,
          What are you talking about now? And what is correct then? If
you're
        talking about the protocol that was allowed from the Internal
network to the 
        incoming.verizon.net host, then it was POP3 Server protocol that was
added
        and not Pop3 as you have stated here.  Thanks.
        
        
        T
        
        
        On 12/5/06, Thomas W Shinder < tshinder@xxxxxxxxxxx> wrote:
        
                Pop3 server is incorrect.
        
        
        
                From: isalist-bounce@xxxxxxxxxxxxx [mailto:
        isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> ]
On
        Behalf Of Steve Moffat
                Sent: Monday, December 04, 2006 8:45 PM 
        
                To: ISA Mailing List
                Subject: [isalist] Re: Verizon DSL and ISA Server 2004
Problem!!!
        
        
        
                Have you any idea how to set up a mail account? It's looking
for the
        correct username and password. 
        
        
        
                Are you allowing smtp out to the mail server?
        
        
        
                Read the help....it's all covered there.
        
        
        
                S
        
        
        
                From: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx>  [mailto:
        isalist-bounce@xxxxxxxxxxxxx <mailto:isalist-bounce@xxxxxxxxxxxxx> ]
On 
        Behalf Of Tee Darling
                Sent: Monday, December 04, 2006 7:07 PM
                To: ISA Mailing List
                Subject: [isalist] Re: Verizon DSL and ISA Server 2004
Problem!!!
        
        
        
                I have a rule in place now to "allow" -->Selected Protocols
- POP3 
        Server --> From Internal --> incoming.verizon.net.
        
                The somehow "good news" is that when  I try to "Test Account
        Settings.." in Outlook 2003 I received the following info: 
        
                Established network connection      ---> Completed
                Find outgoing mail server (SMTP)    ---> Completed
                Find incoming mail server (POP3)   --->  Completed
                Log onto incoming mail server (POP3) ->   Failed 
                Send test e-mail message                  ->   Failed
        
                Note: Before I implemented the rule above, I was receiving
"Failed"
        through out the above test. Now I am receiving 3 "Completed" and 2
"Failed" 
        
                In addition, I received 2 errors now when I do the Test
Account
        Settings:
                1). Send test e-mail message: The specified server was
found, but
        there was no response from the server. Please verifiy that the port
and SSL 
        information is correct. To access these settings close this dialog,
then
        click More Settings and click on the Advanced tab
        
                2). Log onto incoming mail server (POP3): The specified
server was
        found, but there was no response from the server. Please verifiy
that the 
        port and SSl information is correct. To access these settings close
this
        dialog, then click More Settings and click on the Advanced tab.
        
                Someone out there may have encountered this problem before.
Any help 
        as to how this was resolved?
        
                T
        
                On 12/4/06, Thor (Hammer of God) <thor@xxxxxxxxxxxxxxx>
wrote:
        
                You need outbound 110 to the pop3 server, not inbound.
Outbound 
        from internal to incoming.verizon.net host.
        
                t
        
        
                On 12/4/06 1:23 PM, "Tee Darling" <tee.darling77@xxxxxxxxx >
spoketh
        to all:
        
                Well, I do have a rule in place for incoming POP3 from the
External
        to Internal network but I have been getting this error all the time.
        
        
                T
        
                On 12/4/06, Steve Moffat < steve@xxxxxxxxxx> wrote:
        
                Well yeeesss
        
        
        
                You need an access rule on your ISA server to allow POP3 to
the mail
        server
        
        
        
                S
        
        
        
                From: isalist-bounce@xxxxxxxxxxxxx [mailto:
        isalist-bounce@xxxxxxxxxxxxx <mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> 
        <mailto:isalist-bounce@xxxxxxxxxxxxx> > ] On Behalf Of Tee Darling
                Sent: Monday, December 04, 2006 4:21 PM
        
                To: ISA Mailing List 
                Subject: [isalist] Re: Verizon DSL and ISA Server 2004
Problem!!!
        
        
                This is what I received when I telnet to my ISP POP3 mail
server:
        
                "
                C:\>telnet incoming.verizon.net
<http://incoming.verizon.net>  <http://incoming.verizon.net>
        <http://incoming.verizon.net>  110
                Connecting To incoming.verizon.net...Could not open
connection to
        the host, on p
                ort 110: Connect failed
        
                C:\>
        
                Is there a rule that I have to come up with in order for
this to
        work?
        
                T
        
                On 12/4/06, Ara Avvali < Ara.Avvali@xxxxxxxxxxxxx> wrote:
        
                No he me means telnet to your isp pop mail server
        
        
        
                From: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> 
        <mailto:isalist-bounce@xxxxxxxxxxxxx>
<mailto:isalist-bounce@xxxxxxxxxxxxx> 
        [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:
isalist-bounce@xxxxxxxxxxxxx
        <mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> > > ] On Behalf Of Tee Darling
                Sent: Monday, December 04, 2006 11:08 AM
                To: isalist@xxxxxxxxxxxxx
        
        
                Subject: [isalist] Re: Verizon DSL and ISA Server 2004
Problem!!! 
        
        
        
                If you mean, to telnet inside the LAN from a workstation to
the ISA
        box, then this is what I received when I do that....--->
        
                C:\>telnet 192.168.35.1 <http://192.168.35.1>
<http://192.168.35.1>
        110
                Connecting To 192.168.35.1...Could not open connection to
the host,
        on port 110: 
                 Connect failed
        
                C:\>
        
                T
        
                On 12/4/06, Steve Moffat < steve@xxxxxxxxxx
        <mailto:steve@xxxxxxxxxx > <mailto:steve@xxxxxxxxxx>  > wrote:
        
                Can you telnet to port 110 from your workstations?
        
        
        
                S
        
        
        
                From: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> 
        <mailto:isalist-bounce@xxxxxxxxxxxxx>
<mailto:isalist-bounce@xxxxxxxxxxxxx> 
        [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:
isalist-bounce@xxxxxxxxxxxxx
        <mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> > > ] On Behalf Of Tee Darling
                Sent: Monday, December 04, 2006 2:15 PM
                To: ISA Mailing List
                Subject: [isalist] Re: Verizon DSL and ISA Server 2004
Problem!!! 
        
        
        
                Jim,
                  The answer to your questions is that Yes, traffic does
flow
        through ISA. All my workstations have the ISA client installed and
they
        connect to the Internet through the ISA box. The error code given by
Outlook 
        is this --> "0x80042108 Outlook is unable to connect to your
incoming POP3
        e-mail server".
                I did a search at MS knowledge base and I received KB
article
        318790. This article talks about this info: 
                SYMPTOMS
                When you start Microsoft Outlook, you may not be able to
send and
        receive messages, and you may receive the following error message:
        
                0x80042108 Outlook is unable to connect to your incoming
POP3 e-mail 
        server.
        
        
                  Error! Filename not specified.
        <#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top>    Back to
the top
        <#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top>
                CAUSE 
                This behavior may occur if any of the following conditions
are true:
        
        
                  *   There are corrupted files on your hard disk.
                  *   You are running Norton Personal Firewall 2002.
                  *   You are running Norton Internet Security software. 
                  *   You have installed an update to Microsoft Office.
                  *   The Norton anti-spam add-in is enabled in Outlook.
        
                Note Norton Personal Firewall 2002, Norton Internet Security
        software, and the Norton Anti-Spam add-in are supported by Symantec
Inc. 
        
        
                  Error! Filename not specified.
        <#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top>    Back to
the top
        <#10f4f35296069fad_10f4ef63eaafe890_10f4ebf5db4c99e8_top>
                RESOLUTION 
                To resolve this behavior, remove your Norton Person Firewall
or
        Norton Internet Security software and then reinstall your Norton
Person
        Firewall or Norton Internet Security software.
        
                Alternatively, you can use the contact information that is
provided 
        later in this article if you need help.
        
                To remove and then reinstall Norton Person Firewall or to
remove and
        then reinstall Norton Internet Security software, follow these
steps.
        
        
        
----------------------------------------------------------------------------

        -----------------------------------------------------
        
        
                Here is the info for my Client and ISA Ipconfig /all:
        
                "Microsoft Windows XP [Version 5.1.2600]
                (C) Copyright 1985-2001 Microsoft Corp. 
        
                                      Client IPconfig /all
                C:\>ipconfig /all
        
                Windows IP Configuration
        
                        Host Name . . . . . . . . . . . . : vivace
                        Primary Dns Suffix  . . . . . . . : XXXXXXX.net
                        Node Type . . . . . . . . . . . . : Unknown
                        IP Routing Enabled. . . . . . . . : No
                        WINS Proxy Enabled. . . . . . . . : No
                        DNS Suffix Search List. . . . . . : XXXXXXX.net
        
                Ethernet adapter LAN:
        
                        Connection-specific DNS Suffix . :
                        Description . . . . . . . . . . . : Linksys LNE100TX
Fast
        Ethernet Adapt
                er(LNE100TX v4) 
                        Physical Address. . . . . . . . . :
00-03-6D-15-28-95
                        Dhcp Enabled. . . . . . . . . . . : No
                        IP Address. . . . . . . . . . . . : 192.168.35.25 
        <http://192.168.35.25> <http://192.168.35.25>
                        Subnet Mask . . . . . . . . . . . : 255.255.255.0
<http://255.255.255.0> 
        <http://255.255.255.0> <http://255.255.255.0>
                        Default Gateway . . . . . . . . . : 192.168.35.1
<http://192.168.35.1> 
        <http://192.168.35.1> <http://192.168.35.1>
                        DNS Servers . . . . . . . . . . . : 192.168.35.5
<http://192.168.35.5> 
        <http://192.168.35.5> <http://192.168.35.5>   ---> my Domain IP
        
192.168.35.1--->
        ISA box IP
        
                Ethernet adapter Connection To Verizon:
        
                        Media State . . . . . . . . . . . : Media
disconnected
                        Description . . . . . . . . . . . : CNet PRO200WL
PCI Fast 
        Ethernet Adap
                ter
                        Physical Address. . . . . . . . . :
00-08-A1-22-CE-FC
        
                C:\>
        
                                             ISA Ipconfig /all
        
                C:\>ipconfig /all 
        
                Windows IP Configuration
        
                   Host Name . . . . . . . . . . . . : ISA1
                   Primary Dns Suffix  . . . . . . . : XXXXXXXX.net
                   Node Type . . . . . . . . . . . . : Broadcast 
                   IP Routing Enabled. . . . . . . . : Yes
                   WINS Proxy Enabled. . . . . . . . : Yes
                   DNS Suffix Search List. . . . . . : XXXXXXXX.net
        
                Ethernet adapter LAN:
        
                   Connection-specific DNS Suffix  . : 
                   Description . . . . . . . . . . . : Intel(R) PRO/100
Network
        Connection
                   Physical Address. . . . . . . . . : 00-B0-D0-20-1C-DA
                   DHCP Enabled. . . . . . . . . . . : No
                   IP Address. . . . . . . . . . . . : 192.168.35.1
        <http://192.168.35.1> <http://192.168.35.1>
                   Subnet Mask . . . . . . . . . . . : 255.255.255.0
        <http://255.255.255.0> <http://255.255.255.0>
                   Default Gateway . . . . . . . . . : 
                   DNS Servers . . . . . . . . . . . : 192.168.35.1
        <http://192.168.35.1> <http://192.168.35.1> 
        
                Ethernet adapter WAN:
        
                   Connection-specific DNS Suffix  . :
                   Description . . . . . . . . . . . : Intel(R) PRO/100+
Server
        Adapter (PILA847
                0B)
                   Physical Address. . . . . . . . . : 00-D0-B7-4D-52-A4 
                   DHCP Enabled. . . . . . . . . . . : No
                   IP Address. . . . . . . . . . . . : 192.168.1.3
        <http://192.168.1.3> < http://192.168.1.3 <http://192.168.1.3> >
                   Subnet Mask . . . . . . . . . . . : 255.255.255.0
        <http://255.255.255.0> < http://255.255.255.0 <http://255.255.255.0>
>
                   Default Gateway . . . . . . . . . : 192.168.1.1
        <http://192.168.1.1> <http://192.168.1.1 >
                   DNS Servers . . . . . . . . . . . : 192.168.35.1
        <http://192.168.35.1> <http://192.168.35.1 >
                   NetBIOS over Tcpip. . . . . . . . : Disabled
        
                C:\>c"
        
        
                Any help please? Thanks
        
                T
        
                On 12/4/06, Jim Harrison < Jim@xxxxxxxxxxxx
<mailto:Jim@xxxxxxxxxxxx> 
        <mailto:Jim@xxxxxxxxxxxx> <mailto:Jim@xxxxxxxxxxxx>  > wrote:
        
                You're not giving the error codes provided by Outlook. 
        
                Using that, you can search MSKB and very often discover your
answer.
        
                You also haven't provided any alerts or error events from
your ISA.
        
                Does *any* traffic flow through ISA?
        
                What is the ISA ipconfig/all?
        
                What is the test client ipconfig/all?
        
        
        
                From: isalist-bounce@xxxxxxxxxxxxx
        <mailto: isalist-bounce@xxxxxxxxxxxxx
<mailto:isalist-bounce@xxxxxxxxxxxxx> >
<mailto:isalist-bounce@xxxxxxxxxxxxx>
        [mailto: isalist-bounce@xxxxxxxxxxxxx <mailto:
isalist-bounce@xxxxxxxxxxxxx
        <mailto:isalist-bounce@xxxxxxxxxxxxx> > ] On Behalf Of Tee Darling
                Sent: Monday, December 04, 2006 3:59 AM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] Verizon DSL and ISA Server 2004
Problem!!!
        
        
        
                ISA Gurus, 
                  I just added a Verizon DLS box (Westel 327W) to my network
and now
        I can't send any e-mail out. Here is the configuration:
                I have 2 NICs in my ISA Server 2004. The internal NIC has
the IP
        range 192.168.35.0 <http://192.168.35.0> <http://192.168.35.0>
thru
        192.168.35.254 <http://192.168.35.254> <http://192.168.35.254>  .
The
        External NIC is connected to the Verizon DSL box. The DSL box gives
out the 
        DHCP IP range 192.168.1.15 <http://192.168.1.15>
<http://192.168.1.15>
        thru 192.168.1. 47.  I have assigned   192.168.1.3
<http://192.168.1.3>
        <http://192.168.1.3> <http://192.168.1.3 >   to the NIC  that is
connected to
        the DSL .  This  DSL  box by default allows all  traffic to  exit
without
        any interferance.  I have  configured port  forwarding  for example
port
        25,  port 443, port 110 etc to the appropriate box.  I can  receive
e-mail 
        on  my Exchange  Server 2003  without any difficulty but whenever I
send
        email out from one of my workstations, the email ends up in the
queue on the
        server and just sits there. Anything I am missing here?
                Next, I am a little bit confused as to what kind of route 
        configuration I need to setup between my internal LAN and the DSL IP
range
        or if one would like to call it the DMZ. I am not sure if I can call
the
        area of the DSL IP range as the DMZ. Or would that area be part of
the 
        External network? My plan is to add a 3rd NIC and assign the IP
range
        10.0.0.0 <http://10.0.0.0> <http://10.0.0.0>  thru 10.x.x.254 and
call that
        zone the DMZ. I haven't done this yet so I am not worry about it
now. My
        main problem is how to configure the ISA firewall again to let the
email go
        out from my Exchange Server 2003 box. I just had this problem when I

        switched from my cable provider to the DSL provider. I never had
this
        problem with my cable box which wasn't given out any private IP
addresses
        out.
        
                I am also having problem making my verizon mail go out from
my 
        internal LAN from one of my machine which has Outlook 2003. Here are
the
        errors I get from this workstation:
        
                1). Find incoming mail server (POP3): Outlok could not
connect to
        the incoming mail server (POP3). The problem could be the server
name or 
        port, or your server may not support SSL. Verify your port and SSl
settings
        in More Settings under the Advanced tab.
        
                2). Find outgoing mail server (SMTP): Outlok could not
connect to
        the outgoing mail server (POP3). The problem could be the server
name or 
        port, or your server may not support SSL. Verify your port and SSl
settings
        in More Settings under the Advanced tab.
        
                3). Log onto incoming mail server (POP3): The specified
server was
        found, but there was no response from the server. Please verify that
th 
        eport and SSL informatoin is correct. To access these settings close
the
        dialog, then click More Settings and click on the Advanced tab.
        
                4). Find incoming mail server (POP3): Outlok could not
connect to 
        the incoming mail server (POP3). The problem could be the server
name or
        port, or your server may not support SSL. Verify your port and SSl
settings
        in More Settings under the Advanced tab.
        
                Any help will be greatly appreciated. 
        
                Thanks.
        
                Tee
        
                All mail to and from this domain is GFI-scanned.
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        ------------------------------------------------------ 
        List Archives: //www.freelists.org/archives/isalist/
        ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp

        ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
        ISA Server Blogs: http://blogs.isaserver.org/ 
        ------------------------------------------------------
        Visit TechGenix.com for more information about our other sites:
        http://www.techgenix.com
        ------------------------------------------------------ 
        To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
        Report abuse to listadmin@xxxxxxxxxxxxx
        
        


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: