We have tried ISA 2004, ISA 2006, and Forefront on server 2008. We previously had our web site on IIS 5 with windows 2000 server, but we now host it on IIS 7 with Windows Server 2008 x64. I have also tried binding IIS to port 85 as well as 80 and telling ISA to forward to port 85. Same problem.
We are one step away from abandoning ISA forever.
Please, is there any way to fix this?
Thanks in advance.
Here is the log text: ___________________________________________________________ Closed Connection FIREWALL2 8/25/2009 6:03:20 AM
Log type: Firewall service Status: A connection was abortively closed after one of the peers sent an RST packet. Source: External (184.108.40.206:64517) Destination: Local Host (220.127.116.11:80) Protocol: HTTP
Number of bytes sent: 128 Number of bytes received: 48 Processing time: 0ms Original Client IP: 18.104.22.168
This issue was resolved by modifying the IDS on our Cisco 3640 router. This was the culprit:
5123 WWW Host: field overflow Compound/Attack Triggers if web traffic is detected sending an abnormally large GET request with a large host field.
1.) The problem only effected Internet Explorer, all other browsers worked fine. 2.) The problem only existed if ISA was between IIS and IE. 3.) Changing the 'ip audit attack action alarm drop reset' to 'ip audit attack action alarm' solved the issue because IDS is no longer dropping packets. This opens a new can of worms that hopefully an upgrade to IOS 2.4(24)T will solve.
As noted by Steve and others -- it was never an ISA firewall issues. I think once people get it into their heads that 98.6% of the time it's not an ISA firewall issue, they can more quickly get to the root cause.
Good to hear you got it working and thanks for the follow up!