Weird problem with ISA 2004

  • From: Frédéric Giroux <fgiroux@xxxxxxxxxx>
  • To: "ISAserver Discussion List" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 7 Jun 2005 10:58:24 -0400

Hello All!

I'm having a weird problem with ISA 2004:

When no user is logged to ISA, it works flawlessly. As soon as I, or any user, 
log on, most inbound ports become blocked. SMTP, POP and a few others are 
blocked. HTTP and DNS keep working. No errors in logs (except for a half scan 
attak a few days ago), no sign whatsoever of what could be the cause. Windows 
event logs are free of anything suspicious.

I tried disabling the SMTP filter and the POP filter (which are blocked when 
logged on). For some obscure reason, the ports opened up again. I reactivated 
the filters, down they go. Log off... Back up again.

However, I have an activity/port monitoring scanner on an external server (A1 
Monitoring). When the filters were turned off, it started having all kind of 
troubles monitoring the local server. It would say that he server was down 
despite the fact that it was responding fine using Telnet. After I re-enabled 
the filters, A1 Monitoring started working fine again (after I logged off of 
course ;-) ).

FYI, the SMTP filter is on but not configured. I use Brightmail so I have no 
use for it.

The symptoms, more precisely, are as follow:

It's like if the routing was incorrect. I mean that when I Telnet port 25 from 
a remote computer, I get a connection but no reply (the smtp banner doesn't 
show). I tried to monitor the connection from withing ISA and it is as if no 
reply was sent to the remote computer.

I don't know what could be the cause of this. I did not make much changes 
before it happened but I must add that this ISA has been up for only 45 days. I 
noticed the problem 10 days ago.

Rules are fine. If they were the problem, it wouldn't work while logged out 
(unless MS is hidding something :-))) ).

Thanks for any help you can provide.

Fred

_____________________________________
Frederic Giroux, technical director
Niveau3 inc.
IT Consultants
fgiroux@xxxxxxxxxx
www.niveau3.ca
514-352-4782 (ext. 223)
514-352-9126 (fax)
866-477-4782 (toll free)

Other related posts:

  • » Weird problem with ISA 2004
  1. Home
  2. isalist
  3. Archive
  4. 06-2005