There's got to be something in the ISA firewall's log files that explains this. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf > Of Steve Moffat > Sent: Thursday, June 26, 2008 5:50 AM > To: ISAPros Mailing List > Subject: RE: [isapros] Re: A Strange Possibly ISA issue > > Yeah, I agree with you there Jimbo....fubarred rule no doubt. > > > S > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf > Of Jim Harrison > Sent: Wednesday, June 25, 2008 11:18 PM > To: ISAPros Mailing List > Subject: [isapros] Re: A Strange Possibly ISA issue > > I'm so sorry you had to experience that. > Few things tweak me harder than the "nuke it!!" method of troubleshooting. > If you have the name of the "engineer" that made this suggestion, then I'll be happy to > apply some educational assistance. > > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf > Of Amy Babinchak > Sent: Wednesday, June 25, 2008 2:05 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: A Strange Possibly ISA issue > > POP email out. VPN out. For my tests I tried to Telnet to port 25 to my > server. Successful from the server. Not successful from the client PC > and the SMTP rule allows for SMTP out from any internal. The client > shows in Sessions as all 3 client types: SecureNat, Firewall and Web > Proxy. > > The client PC doesn't ever get anything back. Just withers on the vine > and Telnet responds that connection timed out. ISA log says the same > thing. > > Just got an update from the client. We brought PSS guy in and the > suggestion was to remove ISA, configure RRAS and see if the problem goes > away. It did. Client PC's are getting email. So tonight ISA will be > reinstalled and the custom rules re-created manually. As far as I can > tell something, somewhere in the ISA must have been corrupt. > > Before you ask, no SRX number. It was a private help call. > > thanks, > > Amy Babinchak > > > Harbor Computer Services |(248) 850-8616 > > Tech Blog http://securesmb.harborcomputerservices.net > Client Blog http://smalltechnotes.blogspot.com > Website http://www.harborcomputerservices.net > > Buy My House http://tinyurl.com/5gb5n8 > > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Jim Harrison > Sent: Wednesday, June 25, 2008 4:37 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: A Strange Possibly ISA issue > > I'm not clear; what other protocols are being tested and what is the > client state for these? > If it's not a web proxy request, you'll never see a "timeout packet" > (response) from ISA, since non-HTTP protocols don't generally provide > for such messaging. > > > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Amy Babinchak > Sent: Wednesday, June 25, 2008 10:43 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] A Strange Possibly ISA issue > > I was on a call with a guy in Wyoming last night looking to see if ISA > could be the source of his problem. I concluded that it most likely > wasn't but couldn't be 100% certain. > > Here's the situation: > > ISA 2004 SP3. SBS with Windows SP2 installed. Client computers are all > running XP SP3, the Firewall client and are all members of the domain. > Checked for the chimney off-loading stuff on the server and it is all > set correctly. Ran the BPA and it comes back clean. > > Client computers are unable to access any service on the Internet except > http and https. The request for anything else results in a timeout > packet on ISA from the Internet access rule. The server does not have > this problem. The server can access any service on the Internet. > > Using NetMon I saw that the request from the client made it to the > external NIC on the server. The name of the service resolved correctly > in DNS. And then no response...it times out. > > Has me completely stumped. But since I didn't see anything wrong with > ISA, I decided it wasn't an ISA issue. What do you think? > > thanks, > > Amy Babinchak > > > Harbor Computer Services |(248) 850-8616 > > Tech Blog http://securesmb.harborcomputerservices.net > Client Blog http://smalltechnotes.blogspot.com > Website http://www.harborcomputerservices.net > > Buy My House http://tinyurl.com/5gb5n8 > > > > > > > > > > > >