The first one is not an error - this is ISA protecting your network. The second one is a result of the request to ISA: 1 - failing to match any defined allow rule 2 - matching a defined deny rule. BTW, You need to stop "interpreting" ISA error messages - the details are often important. ISA doesn't use the phrase "Access denied by access control list" in any error page. Q1 - exactly how is the publishing rule defined (you're missing data critical to the second problem)? Q2 - exactly what application are you using to test with? Q3 - exactly where (internal, external, etc.) is the client with respect to ISA? Q4 - exactly what URL is used to test the connection? -----Original Message----- From: Ruba Al Omari [mailto:romari@xxxxxxxxxxxxxxxxx] Sent: Sunday, May 22, 2005 12:50 AM To: [ISAserver.org Discussion List] Subject: [isalist] Web publishing http://www.ISAserver.org Hi, Please I need your help in what should I do to solve the following error message when publishing a website: FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0xC0040017 A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer. The website publishing rule has the following settings: - Forward the original host header instead of the actual one: Not selected, as it's a regular website that doesn't require to have the client's IP. - Requests appear to come from the original client: Not selected, and the ISA is natting the traffic not routing it. - The security on the published website is set to anonymous. - The weblistener is not set to authenticate. - The hardware firewall interface after the ISA is set to route mode. - When I try to access the website from outside it says: Forbidden (403) You were denied access because: Access denied by access control list. And the ISA log gives the error message above, the public IP is directly mapped to the listener on the ISA server, I followed the following document: http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/publishingweb servers.mspx Thanks r. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.