Welcome to ISAserver.org


Can view Some Website but not others

Can view Some Website but not others - 17.Jun.2008 7:02:16 AM   
jutler

 

Posts: 1
Joined: 17.Jun.2008
Status: offline
Hello,

I am relatively new to ISA servers and I am having issues.  First a bit on our setup:

We currently have 2 sets of CISCO ASA security devices.  One facing our external connection and one facing our internal network.  Between these two firewalls sits our DMZ.  In the DMZ we are planning to deploy about 10 servers, most of which are web servers.  We have also within the DMZ installed our ISA server. 

Web requests go through the internal Cisco ASA to the ISA server in the DMZ, which then goes out through the external ASA.  All traffic from the LAN is allowed through to the DMZ.  This seems to be working as there are some sites which I can get to without any problems.  However, there are some websites which the ISA server just denies.

For example, with the ISA server as my proxy, I can browse www.cisco.com fine.  The website loads and I can click on links etc.  However, if I try to browse to either www.google.co.uk or www.microsoft.com, I get an MSN Live Search window with the website listed in the search results.  However, when I click the link, the ISA server denies the request.

When I go to monitoring on the ISA server and click on the logging tab, I can see that my PC's IP address is the source and the internal interface of the ISA (the one connected to the internal ASA) is listed in red with port 8080, protocol HTTP and the action as denied connection (there are some of these even when browsing to websites which are successful).  The client username is mostly anonymous against the denied requests but there are a few with my username listed.  If the websites are allowed through, the events are marked in green with my domain\username beside them all, but any parts of the websites which are denied have anonymous listed against them.

I have deleted and recreated policy rules but I keep getting this error.  I have been working on it for about 2 days now with no progress.  Any help in this would be most appreciated.

Thanks



< Message edited by jutler -- 17.Jun.2008 7:08:42 AM >
Post #: 1
RE: Can view Some Website but not others - 19.Jun.2008 11:26:58 AM   
IanC

 

Posts: 186
Joined: 11.Jul.2007
From: UK
Status: offline
Denied requests from anonymous users are normal.  What error message does the client get?

Also, could you provide some more info about the network configuration?  In particular, whether or not connections through the two Ciscos and the ISA server are NAT'd, the ISA's DNS settings etc.

Thanks

Ian   

_____________________________

Ian Currie

http://www.curriecomputing.com

(in reply to jutler)
Post #: 2
RE: Can view Some Website but not others - 19.Jun.2008 12:56:13 PM   
pwindell

 

Posts: 752
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
"protocol HTTP and the action as denied connection (there are some of these even when browsing to websites which are successful)."

Some anonymous denies are normal.
Connections start out as anonymous until they are denied and the ISA requests authentication; the browser then provides the credentials, then the connection continues.

I don't know about the rest of your post.

_____________________________

Phillip Windell
www.wandtv.com

(in reply to jutler)
Post #: 3
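
Added example, not part of the forum thread or of any poster's reply: a log-triage sketch of the pattern the replies describe, separating anonymous denials that are followed by an authenticated retry from denials that carry a username and from anonymous denials that are never retried. The record layout, the 5-second window, the addresses, the user name and the URLs are constructed assumptions, not the ISA Server log schema.

```python
from datetime import datetime, timedelta

# Constructed sample records (time, client IP, user, URL, action). The layout
# is hypothetical, not the ISA Server log schema; map exported columns onto it.
SAMPLE_LOG = [
    ("2008-06-17 07:00:01", "10.0.0.25", "anonymous", "http://site-a.example/", "Denied"),
    ("2008-06-17 07:00:01", "10.0.0.25", "EXAMPLE\\user1", "http://site-a.example/", "Allowed"),
    ("2008-06-17 07:00:10", "10.0.0.25", "anonymous", "http://site-b.example/", "Denied"),
    ("2008-06-17 07:00:10", "10.0.0.25", "EXAMPLE\\user1", "http://site-b.example/", "Denied"),
    ("2008-06-17 07:00:20", "10.0.0.25", "anonymous", "http://site-c.example/", "Denied"),
]


def triage_denials(records, window_seconds=5):
    """Sort denied requests into three buckets of (client IP, user, URL)."""
    window = timedelta(seconds=window_seconds)
    rows = sorted(
        ((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), ip, user, url, action)
         for ts, ip, user, url, action in records),
        key=lambda r: r[0],
    )
    result = {"handshake": [], "authenticated_denied": [], "never_authenticated": []}
    for i, (ts, ip, user, url, action) in enumerate(rows):
        if action != "Denied":
            continue
        if user.lower() != "anonymous":
            # The proxy knew who the user was and still refused: a rule decision.
            result["authenticated_denied"].append((ip, user, url))
            continue
        # Anonymous denial: look for an authenticated retry of the same URL
        # from the same client shortly afterwards (allowed or denied).
        retried = any(
            c == ip and x == url and u.lower() != "anonymous" and t - ts <= window
            for t, c, u, x, _ in rows[i + 1:]
        )
        bucket = "handshake" if retried else "never_authenticated"
        result[bucket].append((ip, user, url))
    return result


if __name__ == "__main__":
    for bucket, entries in triage_denials(SAMPLE_LOG).items():
        print(bucket, entries)
```

Entries in `authenticated_denied` point at the access rules, while entries in `never_authenticated` point at a client that did not answer the authentication request.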