RE: Yes, another 2004 server pub issue / stumped. Yes, I have Tom's book

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 1 Apr 2005 09:53:18 -0400

Why have you created an inbound def for port 80??

S 

-----Original Message-----
From: jlyon [mailto:jlyon@xxxxxxxxxxxxx] 
Sent: Friday, April 01, 2005 9:36 AM
To: ISA Mailing List
Subject: [isalist] Yes, another 2004 server pub issue / stumped. Yes, I
have Tom's book

Used isa 2k for a few years.
New isa 2004 install on W2k3 server as perimeter firewall.
Internal Web Server is SecureNat client to the ISA 2004 box.
Web pub works great.
FTP server pub works great.
Created HTTP port 80 Inbound protocol Def.
Created Server Pub rule allowing the created protocol def.
FROM/LISTENER is External and TO is private IP of web server hosting the
site.
I have the NETWORKS set to EXTERNAL and selected one of multiple
external NIC IPs that is not used in any other rules/fashion. Not even
a web listener is defined for this IP.
The same website, when accessed internally, works fine.
FQDN is correct on internet DNS (same site will work if pub'd via my isa
2000 box).
I have split DNS set up.

Log file shows 3 attempts when I try to hit externally.....
External IP in log is that of the fqdn resolved IP that is configured on
external card of ISA.

1) DestIP correct / DestPort 80 / Prot HTTP / Denied Conn / Rule DEFAULT
RULE / Client IP correct / User anonymous / Source External / Dest.
Network BLANK / Method GET / URL shows right URL I am trying to hit

2) DestIP correct / DestPort 80 / Prot HTTP / INITIATED Conn / Rule BLANK
/ Client IP correct / User anonymous / Source External / Dest. Network
LOCALHOST / Method BLANK / URL BLANK

3) Exact same as 2 above, but "Closed Connection". Entries 2/3 are
listed as occurring in same SECOND and are only 2 seconds after entry #1
above.

Browsing from external client and browser result is 403 forbidden.

I am baffled as to why first entry of log gives me a DENY via Default
Rule, but then the 2nd and 3rd entries are INITIATING and CLOSING.

I have read through Tom's 2004 book and KNOW I am setting it up right.
Can someone think of something I am missing here?

After a nice fresh install, the ONLY things I have done from a default
install is the working FTP server pub, 1 web pub, Internal clients to be
able to do DNS transfers (internal DNS between Domain controllers) and
added unrestricted Internet Access for internal.

I know you guys get sick and tired of same ole Q's, but I have searched
Articles / Forum / Google.....find nothing to help me as to the weird
behaviour I am getting.

If someone could help, or at least point out something I have missed I
would be so grateful. I am sure it is something very simple.

ANY more information you need I will supply gladly.

Thanks so Much,
John Lyon


The haggis is unusual in that it is neither consistently nocturnal nor diurnal, 
but instead is active at dawn and dusk (crepuscular), with occasional forays 
forth during the day and night. 
