Access rule set to allow traffic, but traffic is still denied
Access rule set to allow traffic, but traffic is still ... - 2.Nov.2006 5:01:11 AM
quantarc
Posts: 4
Joined: 2.Nov.2006
Status: offline

Hi all, I'm new to this ISA stuff and have learned everything I know from setting it up this weekend, so be patient with me please :)

My setup is this: We have our internal network connected to an ISA 2006 server on NIC xxx.xxx.10.1. Its other NIC, xxx.xxx.1.2, is connected to a router - xxx.xxx.1.1. We have a webserver also connected to the router - xxx.xxx.1.10.

The problem I am having is the webserver needs to send SQL queries back and forth to a server within the internal network. I managed to get the requests to the xxx.xxx.1.2 NIC on the ISA server by letting the router route the packets to it. When I check the log in ISA it comes up as denied from xxx.xxx.1.10 (web server) to xxx.xxx.10.25 (SQL server), which is fair enough. So I created an access rule to allow traffic on the port that is being denied. This didn't work and the port continued to be blocked.

I tried amending this access rule all day yesterday and have used every possible combination of options in my power. I even found an IP filtering option that may have been denying routed packets; I turned this off and it still didn't work.

My question is, why would ISA server continue to deny packets, even when an access rule is specifically set up to allow them? I've had no other problem with my rules, so this isn't my first attempt at setting the rules up. Would someone be kind enough to explain what ISA is doing? Without this one of our web systems can't function and it's really important.

Thanks a lot

RE: Access rule set to allow traffic, but traffic is st... - 2.Nov.2006 5:38:21 AM
Guest

Hi quantarc, how are the two networks defined, and what is the network relationship between them?

RE: Access rule set to allow traffic, but traffic is st... - 2.Nov.2006 6:46:54 AM
quantarc
Posts: 4
Joined: 2.Nov.2006
Status: offline

Hi Adrian,

Our router is our gateway to the outside world; this is 000.000.1.1 (example IP). Our web server is on the same subnet as this router; this is 000.000.1.10. Our ISA server connects this subnet, using a NIC with 000.000.1.2, to our internal network with a NIC of 000.000.10.1.

The relationship between the two networks is that one is public and one is private, i.e. web packets are allowed past the router to the web server. VPN is bypassed by the router to the ISA server. Therefore the web server wasn't able to connect to a server on the internal network, because 1) the router was stopping it, and 2) the ISA server would have stopped it if the router didn't.

So I've manually routed the SQL Server protocols on the router to the ISA server. So now the web server can talk to the ISA server. I want to allow these packets to go through ISA and into our internal network (temporary measure until an MSSQL db is converted to MySQL - which is proving to be a pain in the .....)

ISA is obviously blocking these packets. So a rule was set up to allow the packets, but ISA server continues to block. I don't really know how to explain the situation anymore. I thought the problem may be with some sort of built-in filter that ISA has to protect from people accidentally applying such a rule :). But as I've only picked this up from the weekend I really don't know. I've tried everything in my power to allow the packet, but it continues to be denied.

Thanks

RE: Access rule set to allow traffic, but traffic is st... - 2.Nov.2006 7:35:41 AM
Guest

If I get this right:

ISA external: x.x.1.x
ISA internal: x.x.10.x

This means that you have a NAT relationship between internal and external. That's why you have to publish your SQL server, not use the access rule. Use the publish rule to allow the web server to connect to the SQL server.

Optionally: it would be better to host the web server in a DMZ with ISA server.

RE: Access rule set to allow traffic, but traffic is st... - 3.Nov.2006 3:58:39 AM
quantarc
Posts: 4
Joined: 2.Nov.2006
Status: offline

Thanks for the reply. I only have two network cards on the ISA server, one for external and one for internal, so I don't think I can do a DMZ, can I? Could you explain how to publish my web server to talk to my SQL server please? I did try yesterday but it continues to deny the packets.

Thank you

RE: Access rule set to allow traffic, but traffic is st... - 6.Nov.2006 4:02:23 AM
quantarc
Posts: 4
Joined: 2.Nov.2006
Status: offline

Hi, I followed the article word for word but still no joy. I'm going to have to put SQL Server on a Windows box outside the ISA server and let the web server connect to that. Thank you for all your input, much appreciated.

RE: Access rule set to allow traffic, but traffic is st... - 6.Nov.2006 5:21:14 AM
Guest
Hi, take care of security issues when doing this.