RE: Web publishing

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 22 May 2005 06:23:44 -0700

The first one is not an error - this is ISA protecting your network.
The second one is a result of the request to ISA:
1 - failing to match any defined allow rule
2 - matching a defined deny rule.

BTW, You need to stop "interpreting" ISA error messages - the details
are often important.  ISA doesn't use the phrase "Access denied by
access control list" in any error page.

Q1 - exactly how is the publishing rule defined (you're missing data
critical to the second problem)?
Q2 - exactly what application are you using to test with?
Q3 - exactly where (internal, external, etc.) is the client with respect
to ISA?
Q4 - exactly what URL is used to test the connection?


-----Original Message-----
From: Ruba Al Omari [mailto:romari@xxxxxxxxxxxxxxxxx] 
Sent: Sunday, May 22, 2005 12:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Web publishing

http://www.ISAserver.org


Hi,

Please I need your help in what should I do to solve the following error
message when publishing a website:

 

FWX_E_TCP_NOT_SYN_PACKET_DROPPED

0xC0040017

A non-SYN packet was dropped because it was sent by a source that does
not have an established connection with the ISA Server computer.

 

The website publishing rule has the following settings:

-          Forward the original host header instead of the actual one:
Not selected, as it's a regular website that doesn't require to have the
client's IP.

-          Requests appear to come from the original client: Not
selected, and the ISA is natting the traffic not routing it.

-          The security on the published website is set to anonymous.

-          The weblistener is not set to authenticate.

-          The hardware firewall interface after the ISA is set to route
mode.

-           

When I try to access the website from outside it says:

 

Forbidden (403)

You were denied access because: 

Access denied by access control list. 

 

And the ISA log gives the error message above, the public IP is directly
mapped to the listener on the ISA server,

 

I followed the following document:

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/publishingweb
servers.mspx

 

Thanks

r.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

All mail to and from this domain is GFI-scanned.

Other related posts:

• » Web publishing
• » Re: Web publishing
• » Re: Web publishing
• » Re: Web publishing
• » Web publishing
• » RE: Web publishing
• » RE: Web publishing
• » RE: Web publishing
• » RE: Web publishing
• » Web publishing
• » Web publishing
• » [isalist] Web publishing- Joey Ng
• » [isalist] Re: Web publishing- Jim Harrison

1. Home
2. isalist
3. Archive
4. 05-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---