Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Citrix client pb

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> Citrix client pb Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Citrix client pb - 28.Jan.2004 6:32:00 PM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		Hi All,

I have a Back to Back configuration with 2 ISA servers. LAN clients are SecureNAT clients. I want my LAN clients can access to a Citrix Server on Internet. I have installed Citrix clients and I can not connect to the Citrix Server.

The Citrix server administrator tells me that connexions use TCP 1494 port and UDP 1604 port.

I make on the 2 ISA servers :
Protocol Def : TCP 1494 Outbond
Protocol Def : UDP 1604 Send / Receive
Packet Filter : TCP 1494 Outbond - Local all ports, distant Fixed 1494

Telnet xxx.xxx.xxx.xxx 1494 is OK

I try too Packet Filter : UDP 1604 Send / Receive - Local all ports, distant Fixed 1604

Nothing works.

Thanks in advance,
Cyrille
Post #: 1
RE: Citrix client pb - 20.Feb.2004 1:26:00 PM   
xlagerwaard

 

Posts: 22
Joined: 28.Jul.2003
From: Netherlands
Status: offline 		Hi,

Install the firewall client and it should work fine.

If installing the firewall client is not an option, perhaps this document will help.
http://www.isaserver.org/tutorials/Citrix_ICA_Browser_Access.html

Greetz,
Xander Lagerwaard

[ February 20, 2004, 01:29 PM: Message edited by: Xander Lagerwaard ]

(in reply to cyrillec)
Post #: 2
RE: Citrix client pb - 20.Feb.2004 2:04:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Cyrille,

the ICA protocol uses TCP port 1494 outbound. The UDP port 1604 send/receive protocol is used for the Citrix farm browsing (which server to connect to for which application). So, your protocol definition seems to be good. However, creating IP packet filters will *not* help you to get outbound access! [Big Grin]

I suggest you try first from a host on the DMZ segment (the segment between both ISA servers). What is the ISA firewall log telling you in this case?

HTH,
Stefaan

(in reply to cyrillec)
Post #: 3
RE: Citrix client pb - 20.Feb.2004 2:38:00 PM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		Hi,

Thanks for you reply Stefaan, I think too that IP packet filter is not helpfull for me but...
I have allready do the test from the DMZ and it's OK.
I don't see where is the problem but I can look in the ISA logs (ISA between DMZ and LAN).

Thanks,
Cyrille

(in reply to cyrillec)
Post #: 4
RE: Citrix client pb - 20.Feb.2004 6:59:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Cyrille,

so from a DMZ host you can access the Citrix server. That's good! How was the DMZ host configured: as a SecureNAT client?

You can easily test your outbound and inbound rules with Jim's excellent WinsockTool. For more info, check out http://www.isaserver.org/Jim_Harrison/ . Of course always check out the ISA logs too.

HTH,
Stefaan

(in reply to cyrillec)
Post #: 5
RE: Citrix client pb - 23.Feb.2004 10:05:00 AM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		Yes I can access the Citrix server from a DMZ host. This host is a SecureNAT client.

Here are the logs from ISA (ISA between DMZ and LAN).
123.45.67.161 to 123.45.67.165 are Citrix servers on Internet.
172.19.2.78 is Citrix client, SecureNAT client on the LAN.

IPPEXT
2004-02-20 14:06:44 172.19.2.78 123.45.67.163 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.161 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.165 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.164 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.163 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.164 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.165 ICMP 3 3 BLOCKED 172.16.0.254

FWSEXTD
172.19.2.78 - - 2004-02-20 14:05:08 SRVISALAN - - - - - - 0 UDP Bind 0 1522 15728
172.19.2.78 - - 2004-02-20 14:05:17 SRVISALAN - 123.45.67.162 1604 9156 - - 1604 UDP UdpMap 0 1522 15728
172.19.2.78 - - 2004-02-20 14:05:26 SRVISALAN - 123.45.67.164 1604 9063 - - 1604 UDP UdpMap 0 1522 15728
172.19.2.78 - - 2004-02-20 14:05:53 SRVISALAN - 123.45.67.165 1604 36797 - - 1604 UDP UdpMap 0 1522 15728
172.19.2.78 - - 2004-02-20 14:06:19 SRVISALAN - 123.45.67.163 1604 61797 - - 1604 UDP UdpMap 0 1522 15728
172.19.2.78 - - 2004-02-20 14:06:43 SRVISALAN - 123.45.67.161 1604 86797 - - 1604 UDP UdpMap 0 1522 15728
172.19.2.78 - - 2004-02-20 14:07:45 SRVISALAN - 123.45.67.164 1604 148156 90 144 1604 UDP UdpMap 20000 1522 15728
172.19.2.78 - - 2004-02-20 14:07:45 SRVISALAN - 123.45.67.165 1604 148156 90 144 1604 UDP UdpMap 20000 1522 15728
172.19.2.78 - - 2004-02-20 14:07:45 SRVISALAN - 123.45.67.163 1604 148156 90 144 1604 UDP UdpMap 20000 1522 15728
172.19.2.78 - - 2004-02-20 14:07:45 SRVISALAN - 123.45.67.162 1604 157312 90 96 1604 UDP UdpMap 20000 1522 15728
172.19.2.78 - - 2004-02-20 14:07:45 SRVISALAN - 123.45.67.161 1604 148156 60 96 1604 UDP UdpMap 20000 1522 15728
172.19.2.78 - - 2004-02-20 14:07:45 SRVISALAN - - - 157312 420 624 0 UDP Bind 20001 1522 15728

It seems to be an ICMP problem. What must I do ?

Cyrille.

(in reply to cyrillec)
Post #: 6
RE: Citrix client pb - 23.Feb.2004 10:38:00 AM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		There is an error from my last post :
You must read 172.19.2.254 rather than 172.16.0.254.
And 172.19.2.254 is ISA IP on LAN

Sorry,
Cyrille.

(in reply to cyrillec)
Post #: 7
RE: Citrix client pb - 24.Feb.2004 11:00:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Cyrille,

I suggest you first try a 'telnet citrix_server 1494' because it is somewhat easier to determine the problem area with TCP connections.

Also, if you post an excerpt of the ISA logs, please make sure you enable the logging of ALL fields, the format is set to ISA format and you post them unmodified. It makes reading the logs much more comfortable.

HTH,
Stefaan

(in reply to cyrillec)
Post #: 8
RE: Citrix client pb - 25.Feb.2004 6:18:00 AM   
alfalfa6945

 

Posts: 12
Joined: 20.Dec.2003
Status: offline
quote:
Originally posted by Cyrille Chalier:
Yes I can access the Citrix server from a DMZ host. This host is a SecureNAT client.

Here are the logs from ISA (ISA between DMZ and LAN).
123.45.67.161 to 123.45.67.165 are Citrix servers on Internet.
172.19.2.78 is Citrix client, SecureNAT client on the LAN.
I have to ask one thing, is the client machine's default gateway set to the ip of the internal or external ISA server?

quote:
IPPEXT
2004-02-20 14:06:44 172.19.2.78 123.45.67.163 ICMP 3 3 BLOCKED 172.16.0.254]

It seems to be an ICMP problem. What must I do ?
Something is seriously wrong, as you shouldn't be generating ICMP when you fire an ICA session. What should you do? Uninstall the firewall client on the client machine, then look to your LAT and routing on both ISA servers [Wink]

quote:
FWSEXTD
Is it me or is there something just not right about a SecureNAT client generating this logfile?

(in reply to cyrillec)
Post #: 9
RE: Citrix client pb - 25.Feb.2004 12:16:00 PM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		Hi all,

Sory for the logs.
In fact it's not one Citrix Server that I want to connect to, it's one among five :
citrix_server_1 : 123.45.67.161
citrix_server_2 : 123.45.67.162
citrix_server_3 : 123.45.67.163
citrix_server_4 : 123.45.67.164
citrix_server_5 : 123.45.67.165

The telnet command is OK :
'telnet citrix_server_1 1494' returns ^^ICA^^ICA^^...
'telnet citrix_server_2 1494' returns ^^ICA^^ICA^^...
'telnet citrix_server_3 1494' returns ^^ICA^^ICA^^...
'telnet citrix_server_4 1494' returns ^^ICA^^ICA^^...
'telnet citrix_server_5 1494' returns ^^ICA^^ICA^^...

The client machine's default gateway is set to the ip of the internal ISA server.

Internet - ISAWEB - DMZ - ISALAN - LAN

DMZ : 172.16.0.0 / 255.255.255.0
LAN : 172.19.0.0 / 255.255.0.0

ISALAN IP : 172.16.0.254 and 172.19.2.254
LAN Client IP : 172.19.2.78
LAN Client GW : 172.19.2.254
No firewall client on LAN client

IPPEXT
2004-02-20 14:06:44 172.19.2.78 123.45.67.163 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.161 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.165 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.164 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.163 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.164 ICMP 3 3 BLOCKED 172.16.0.254
2004-02-20 14:06:44 172.19.2.78 123.45.67.165 ICMP 3 3 BLOCKED 172.16.0.254

It's blocked by 172.16.0.254 but not by 172.19.2.254 (it's the same machine I know), it's correct ?

Thanks,
Cyrille

(in reply to cyrillec)
Post #: 10
RE: Citrix client pb - 25.Feb.2004 5:19:00 PM   
alfalfa6945

 

Posts: 12
Joined: 20.Dec.2003
Status: offline 		Cyrille, could you post your settings in the server location setup in the citrix client, you can use an arbitrary ip address for the citrix server you are trying to connect to.

(in reply to cyrillec)
Post #: 11
RE: Citrix client pb - 25.Feb.2004 5:55:00 PM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		Citrix client settings

Connexion type : LAN
Auto detection of network protocol
Servers exploration :
- network protocol : TCP/IP
- addresses spool : 123.45.67.161, 123.45.67.162, 123.45.67.163, 123.45.67.164 and 123.45.67.165
Firewall settings :
- use secondary address for the firewall connexion
- without proxy

Cyrille.

(in reply to cyrillec)
Post #: 12
RE: Citrix client pb - 25.Feb.2004 11:15:00 PM   
alfalfa6945

 

Posts: 12
Joined: 20.Dec.2003
Status: offline
quote:
Originally posted by Cyrille Chalier:
Connexion type : LAN
When you made your first post, you had implied that the citrix server was on the internet. Is this still the case or is it behind one of the ISA servers on your network? Just curious, as if the server is on the internet, we may want to set it to WAN (in this case it would be more for esthetics, as it will still work either way)

quote:
Firewall settings :
- use secondary address for the firewall
I just have to confirm with you why you are using this setting. Are you using this setting because the citrix server you are connecting with is also behind a firewall (which would be correct) or are you using this setting because you are behind a firewall (which would be incorrect [Wink] ?

Also, what ICA client/version are you using?

[ February 25, 2004, 11:20 PM: Message edited by: alfalfa6945 ]

(in reply to cyrillec)
Post #: 13
RE: Citrix client pb - 26.Feb.2004 9:02:00 AM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		Hi,

1 - Yes, the Citrix server is on the Internet
2 - The Citrix client configuration is imposed to me by the Citrix server administrator (who does not belong to my company).
3 - Program Neighborhood version is 7.00.17771

Thanks to all,
Cyrille.

(in reply to cyrillec)
Post #: 14
RE: Citrix client pb - 26.Feb.2004 5:11:00 PM   
alfalfa6945

 

Posts: 12
Joined: 20.Dec.2003
Status: offline 		Cyrille, the ip addresses 172.16.0.254 and 172.19.2.254 are your internal ISA server ip addresses? What is the LAT entry on this machine as well as the external machine?
Are your protocol rules set to limit what protocols the clients can use?

I am trying to "break" my own setup to see if I can generate the ICMP errors you are getting, but so far no luck.

Wonder if one day when I'm learned enough I'll see this question on 70-227 [Smile]

(in reply to cyrillec)
Post #: 15
RE: Citrix client pb - 26.Feb.2004 5:38:00 PM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		Yes, 172.16.0.254 and 172.19.2.254 are my internal ISA server ( ISALAN ) ip addresses.

LAT on internal ISA ( ISALAN ) : from 172.19.0.0 to 172.19.255.255
LAT on external ISA ( ISAWEB ) : from 172.16.0.0 to 172.16.0.255

No protocol rule restriction for clients (all IP traffic, always, all requests are authorized).

Thanks for your help alfalfa6945, I hope too that It can help you.

Cyrille.

(in reply to cyrillec)
Post #: 16
RE: Citrix client pb - 27.Feb.2004 12:12:00 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Cyrille,

what do we know so far?

Accessing the ICA port on the remote Citrix server is working (TCP 1494). What seems not to work is the ICA browsing (UDP 1604).

According to the IP packet log, the internal host (172.19.2.78) is trying to send out an ICMP type 3 (destination unreachable) code 3 (port unreachable) to the Citrix server (123.45.67.16x) and that is blocked by the ISA external interface (172.16.0.254) because there is probably no IP packet filter allowing that traffic. However, if that internal host is the ICA client you are testing from then the question is why does that internal client try to send out that ICMP message in the first place?

To find it out, take a network monitor trace on the inner ISA internal interface. Another method is to make sure that you enabled the logging of ALL fields and that the log format is set to ISA format. In the Header and Payload field of the IP packet filter log you should find enough information to determine which IP packet triggered that ICMP message.

HTH,
Stefaan

(in reply to cyrillec)
Post #: 17
RE: Citrix client pb - 27.Feb.2004 9:46:00 AM   
cyrillec

 

Posts: 20
Joined: 12.Aug.2002
From: France
Status: offline 		Hi all,

Here are IPPEXT logs from internal ISA :
2004-02-27 08:21:47 172.16.0.254 123.45.67.161 Udp 1270 137 - ALLOWED 172.16.0.254 45 00 00 4e ad b8 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 04 f6 00 89 00 3a 10 e3
2004-02-27 08:21:48 172.16.0.254 123.45.67.161 Udp 1270 137 - ALLOWED 172.16.0.254 45 00 00 4e ad b9 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 04 f6 00 89 00 3a 10 e1
2004-02-27 08:21:50 172.16.0.254 123.45.67.161 Udp 1270 137 - ALLOWED 172.16.0.254 45 00 00 4e ad f5 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 04 f6 00 89 00 3a 10 df
2004-02-27 08:21:50 172.16.0.254 123.45.67.161 Udp 1270 137 - ALLOWED 172.16.0.254 45 00 00 4e ae 02 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 04 f6 00 89 00 3a 10 dd
2004-02-27 08:21:52 172.16.0.254 123.45.67.161 Udp 1270 137 - ALLOWED 172.16.0.254 45 00 00 4e ae 03 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 04 f6 00 89 00 3a 10 db
2004-02-27 08:21:53 172.16.0.254 123.45.67.161 Udp 1270 137 - ALLOWED 172.16.0.254 45 00 00 4e ae 0d 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 04 f6 00 89 00 3a 10 d9
2004-02-27 08:21:55 172.16.0.254 123.45.67.161 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a ae 77 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 96 70 06 44 00 26 d4 13
2004-02-27 08:21:55 172.16.0.254 123.45.67.162 Udp 1271 137 - ALLOWED 172.16.0.254 45 00 00 4e ae b2 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 04 f7 00 89 00 3a 10 d5
2004-02-27 08:21:55 123.45.67.161 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c ea c9 00 00 80 11 8e 0e c3 19 51 a1 ac 10 00 fe 06 44 96 70 00 38 c4 61 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:21:56 172.16.0.254 123.45.67.162 Udp 1271 137 - ALLOWED 172.16.0.254 45 00 00 4e af 7d 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 04 f7 00 89 00 3a 10 d3
2004-02-27 08:21:58 172.16.0.254 123.45.67.162 Udp 1271 137 - ALLOWED 172.16.0.254 45 00 00 4e bd a5 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 04 f7 00 89 00 3a 10 d1
2004-02-27 08:21:59 172.16.0.254 123.45.67.162 Udp 1271 137 - ALLOWED 172.16.0.254 45 00 00 4e c0 18 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 04 f7 00 89 00 3a 10 cf
2004-02-27 08:22:01 172.16.0.254 123.45.67.162 Udp 1271 137 - ALLOWED 172.16.0.254 45 00 00 4e c0 26 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 04 f7 00 89 00 3a 10 cd
2004-02-27 08:22:02 172.16.0.254 123.45.67.162 Udp 1271 137 - ALLOWED 172.16.0.254 45 00 00 4e c7 44 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 04 f7 00 89 00 3a 10 cb
2004-02-27 08:22:04 172.16.0.254 123.45.67.163 Udp 1272 137 - ALLOWED 172.16.0.254 45 00 00 4e c7 54 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 04 f8 00 89 00 3a 10 c7
2004-02-27 08:22:06 172.16.0.254 123.45.67.163 Udp 1272 137 - ALLOWED 172.16.0.254 45 00 00 4e c7 5c 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 04 f8 00 89 00 3a 10 c5
2004-02-27 08:22:08 172.16.0.254 123.45.67.163 Udp 1272 137 - ALLOWED 172.16.0.254 45 00 00 4e c7 63 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 04 f8 00 89 00 3a 10 c3
2004-02-27 08:22:10 172.16.0.254 123.45.67.163 Udp 1272 137 - ALLOWED 172.16.0.254 45 00 00 4e c7 a3 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 04 f8 00 89 00 3a 10 c1
2004-02-27 08:22:11 172.16.0.254 123.45.67.163 Udp 1272 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 24 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 04 f8 00 89 00 3a 10 bf
2004-02-27 08:22:13 172.16.0.254 123.45.67.163 Udp 1272 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 25 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 04 f8 00 89 00 3a 10 bd
2004-02-27 08:22:14 172.16.0.254 123.45.67.165 Udp 1273 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 46 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 04 f9 00 89 00 3a 10 b8
2004-02-27 08:22:16 172.16.0.254 123.45.67.165 Udp 1273 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 4f 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 04 f9 00 89 00 3a 10 b6
2004-02-27 08:22:17 172.16.0.254 123.45.67.165 Udp 1273 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 50 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 04 f9 00 89 00 3a 10 b4
2004-02-27 08:22:19 172.16.0.254 123.45.67.165 Udp 1273 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 51 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 04 f9 00 89 00 3a 10 b2
2004-02-27 08:22:20 172.16.0.254 123.45.67.165 Udp 1273 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 69 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 04 f9 00 89 00 3a 10 b0
2004-02-27 08:22:22 172.16.0.254 123.45.67.165 Udp 1273 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 75 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 04 f9 00 89 00 3a 10 ae
2004-02-27 08:22:24 172.16.0.254 123.45.67.164 Udp 1274 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 7f 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 04 fa 00 89 00 3a 10 ac
2004-02-27 08:22:25 172.16.0.254 123.45.67.164 Udp 1274 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 8a 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 04 fa 00 89 00 3a 10 aa
2004-02-27 08:22:27 172.16.0.254 123.45.67.164 Udp 1274 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 9b 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 04 fa 00 89 00 3a 10 a8
2004-02-27 08:22:28 172.16.0.254 123.45.67.164 Udp 1274 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 b5 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 04 fa 00 89 00 3a 10 a6
2004-02-27 08:22:30 172.16.0.254 123.45.67.164 Udp 1274 137 - ALLOWED 172.16.0.254 45 00 00 4e c8 f1 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 04 fa 00 89 00 3a 10 a4
2004-02-27 08:22:31 172.16.0.254 123.45.67.164 Udp 1274 137 - ALLOWED 172.16.0.254 45 00 00 4e c9 25 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 04 fa 00 89 00 3a 10 a2
2004-02-27 08:22:33 172.16.0.254 123.45.67.162 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 8c 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 96 70 06 44 00 26 d4 12
2004-02-27 08:22:33 172.16.0.254 123.45.67.163 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 8d 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 96 70 06 44 00 26 d4 11
2004-02-27 08:22:33 172.16.0.254 123.45.67.165 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 8e 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 96 70 06 44 00 26 d4 0f
2004-02-27 08:22:33 172.16.0.254 123.45.67.164 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 8f 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 96 70 06 44 00 26 d4 10
2004-02-27 08:22:33 172.16.0.254 123.45.67.162 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 90 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 96 70 06 44 00 26 d4 12
2004-02-27 08:22:33 172.16.0.254 123.45.67.162 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 91 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a2 96 70 06 44 00 26 d4 12
2004-02-27 08:22:33 172.16.0.254 123.45.67.164 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 92 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 96 70 06 44 00 26 d4 10
2004-02-27 08:22:33 172.16.0.254 123.45.67.165 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 93 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 96 70 06 44 00 26 d4 0f
2004-02-27 08:22:33 172.16.0.254 123.45.67.163 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 94 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 96 70 06 44 00 26 d4 11
2004-02-27 08:22:33 172.16.0.254 123.45.67.161 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 95 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 96 70 06 44 00 26 d4 13
2004-02-27 08:22:33 172.16.0.254 123.45.67.161 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 96 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a1 96 70 06 44 00 26 d4 13
2004-02-27 08:22:33 172.16.0.254 123.45.67.163 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 97 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a3 96 70 06 44 00 26 d4 11
2004-02-27 08:22:33 172.16.0.254 123.45.67.165 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 98 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a5 96 70 06 44 00 26 d4 0f
2004-02-27 08:22:33 172.16.0.254 123.45.67.164 Udp 38512 1604 - ALLOWED 172.16.0.254 45 00 00 3a c9 99 00 00 80 11 00 00 ac 10 00 fe c3 19 51 a4 96 70 06 44 00 26 d4 10
2004-02-27 08:22:33 123.45.67.162 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 31 00 00 80 11 87 a5 c3 19 51 a2 ac 10 00 fe 06 44 96 70 00 38 c4 5f 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 123.45.67.163 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 32 00 00 80 11 87 a3 c3 19 51 a3 ac 10 00 fe 06 44 96 70 00 38 c4 5d 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 123.45.67.162 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 33 00 00 80 11 87 a3 c3 19 51 a2 ac 10 00 fe 06 44 96 70 00 38 c4 5f 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.162 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 ae 00 00 80 01 72 fb ac 12 02 4e c3 19 51 a2 03 03 9d 02 00 00 00 00 45 00 00 4c c9 9c 00 00 80 11 ad e8 c3 19 51 a2 ac 12 02 4e 06 44 04 61 00 38 55 1d
2004-02-27 08:22:33 123.45.67.163 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 34 00 00 80 11 87 a1 c3 19 51 a3 ac 10 00 fe 06 44 96 70 00 38 c4 5d 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.163 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 af 00 00 80 01 72 f9 ac 12 02 4e c3 19 51 a3 03 03 9d 04 00 00 00 00 45 00 00 4c c9 9d 00 00 80 11 ad e6 c3 19 51 a3 ac 12 02 4e 06 44 04 61 00 38 55 1b
2004-02-27 08:22:33 123.45.67.165 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 35 00 00 80 11 87 9e c3 19 51 a5 ac 10 00 fe 06 44 96 70 00 38 c4 59 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 123.45.67.164 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 36 00 00 80 11 87 9e c3 19 51 a4 ac 10 00 fe 06 44 96 70 00 38 c4 5b 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 123.45.67.161 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 37 00 00 80 11 87 a0 c3 19 51 a1 ac 10 00 fe 06 44 96 70 00 38 c4 61 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.161 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 b2 00 00 80 01 72 f8 ac 12 02 4e c3 19 51 a1 03 03 9d 00 00 00 00 00 45 00 00 4c c9 a0 00 00 80 11 ad e5 c3 19 51 a1 ac 12 02 4e 06 44 04 61 00 38 55 1f
2004-02-27 08:22:33 123.45.67.162 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 38 00 00 80 11 87 9e c3 19 51 a2 ac 10 00 fe 06 44 96 70 00 38 c4 5f 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.162 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 b3 00 00 80 01 72 f6 ac 12 02 4e c3 19 51 a2 03 03 9d 02 00 00 00 00 45 00 00 4c c9 a1 00 00 80 11 ad e3 c3 19 51 a2 ac 12 02 4e 06 44 04 61 00 38 55 1d
2004-02-27 08:22:33 123.45.67.163 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 39 00 00 80 11 87 9c c3 19 51 a3 ac 10 00 fe 06 44 96 70 00 38 c4 5d 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.163 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 b4 00 00 80 01 72 f4 ac 12 02 4e c3 19 51 a3 03 03 9d 04 00 00 00 00 45 00 00 4c c9 a2 00 00 80 11 ad e1 c3 19 51 a3 ac 12 02 4e 06 44 04 61 00 38 55 1b
2004-02-27 08:22:33 123.45.67.161 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 3a 00 00 80 11 87 9d c3 19 51 a1 ac 10 00 fe 06 44 96 70 00 38 c4 61 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.161 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 b5 00 00 80 01 72 f5 ac 12 02 4e c3 19 51 a1 03 03 9d 00 00 00 00 00 45 00 00 4c c9 a3 00 00 80 11 ad e2 c3 19 51 a1 ac 12 02 4e 06 44 04 61 00 38 55 1f
2004-02-27 08:22:33 123.45.67.164 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 3b 00 00 80 11 87 99 c3 19 51 a4 ac 10 00 fe 06 44 96 70 00 38 c4 5b 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.164 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 b6 00 00 80 01 72 f1 ac 12 02 4e c3 19 51 a4 03 03 9d 06 00 00 00 00 45 00 00 4c c9 a4 00 00 80 11 ad de c3 19 51 a4 ac 12 02 4e 06 44 04 61 00 38 55 19
2004-02-27 08:22:33 123.45.67.165 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 3c 00 00 80 11 87 97 c3 19 51 a5 ac 10 00 fe 06 44 96 70 00 38 c4 59 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.165 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 b7 00 00 80 01 72 ef ac 12 02 4e c3 19 51 a5 03 03 9d 08 00 00 00 00 45 00 00 4c c9 a5 00 00 80 11 ad dc c3 19 51 a5 ac 12 02 4e 06 44 04 61 00 38 55 17
2004-02-27 08:22:33 123.45.67.165 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 3d 00 00 80 11 87 96 c3 19 51 a5 ac 10 00 fe 06 44 96 70 00 38 c4 59 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.165 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 b8 00 00 80 01 72 ee ac 12 02 4e c3 19 51 a5 03 03 9d 08 00 00 00 00 45 00 00 4c c9 a6 00 00 80 11 ad db c3 19 51 a5 ac 12 02 4e 06 44 04 61 00 38 55 17
2004-02-27 08:22:33 123.45.67.164 172.16.0.254 Udp 1604 38512 - ALLOWED 172.16.0.254 45 00 00 4c f1 3e 00 00 80 11 87 96 c3 19 51 a4 ac 10 00 fe 06 44 96 70 00 38 c4 5b 30 00 02 31 02 fd a8 e3 02 00 06 44
2004-02-27 08:22:33 172.19.2.78 123.45.67.164 ICMP 3 3 - BLOCKED 172.16.0.254 45 00 00 38 04 b9 00 00 80 01 72 ee ac 12 02 4e c3 19 51 a4 03 03 9d 06 00 00 00 00 45 00 00 4c c9 a7 00 00 80 11 ad db c3 19 51 a4 ac 12 02 4e 06 44 04 61 00 38 55 19
2004-02-27 08:22:34 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 6c 93 ab 40 00 80 06 0d ef ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e4 43 a1 ca 49 82 50 18 f6 18 d9 bb 00 00
2004-02-27 08:22:34 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 01 40 c9 a9 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 49 82 a7 9e e4 87 50 18 fb 92 82 72 00 00
2004-02-27 08:22:34 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 3c 93 ac 40 00 80 06 0e 1e ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e4 87 a1 ca 4a 9a 50 18 fa f0 0e f3 00 00
2004-02-27 08:22:34 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 00 35 c9 ab 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4a 9a a7 9e e4 9b 50 18 fb 7e c7 96 00 00
2004-02-27 08:22:34 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 37 93 ad 40 00 80 06 0e 22 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e4 9b a1 ca 4a a7 50 18 fa e3 76 5c 00 00
2004-02-27 08:22:34 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 00 33 c9 ad 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4a a7 a7 9e e4 aa 50 18 fb 6f f7 bc 00 00
2004-02-27 08:22:34 172.16.0.8 172.16.0.201 Tcp 1027 6500 ACK ALLOWED 172.16.0.254 45 00 00 28 93 ae 40 00 80 06 0e 30 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e4 aa a1 ca 4a b2 50 10 fa d8 c5 dc 00 00
2004-02-27 08:22:36 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 01 2d 93 b6 40 00 80 06 0d 23 ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6d a7 a1 dd aa a8 50 18 fa d8 cd f4 00 00
2004-02-27 08:22:36 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 01 64 c9 e5 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd aa a8 a7 b5 6e ac 50 18 ff ff 78 d4 00 00
2004-02-27 08:22:36 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 3c 93 b7 40 00 80 06 0e 13 ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6e ac a1 dd ab e4 50 18 f9 9c 24 aa 00 00
2004-02-27 08:22:36 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 00 35 c9 e7 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd ab e4 a7 b5 6e c0 50 18 ff eb d7 8c 00 00
2004-02-27 08:22:36 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 37 93 b8 40 00 80 06 0e 17 ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6e c0 a1 dd ab f1 50 18 f9 8f 8c 13 00 00
2004-02-27 08:22:36 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 00 33 c9 e9 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd ab f1 a7 b5 6e cf 50 18 ff dc 07 b3 00 00
2004-02-27 08:22:36 172.16.0.8 172.16.0.201 Tcp 1031 6500 ACK ALLOWED 172.16.0.254 45 00 00 28 93 b9 40 00 80 06 0e 25 ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6e cf a1 dd ab fc 50 10 f9 84 db 93 00 00
2004-02-27 08:22:39 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 6c 93 be 40 00 80 06 0d dc ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e4 aa a1 ca 4a b2 50 18 fa d8 d3 63 00 00
2004-02-27 08:22:39 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 01 40 cb 72 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4a b2 a7 9e e4 ee 50 18 fb 2b 81 42 00 00
2004-02-27 08:22:39 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 3c 93 bf 40 00 80 06 0e 0b ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e4 ee a1 ca 4b ca 50 18 f9 c0 0e 8b 00 00
2004-02-27 08:22:39 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 00 35 cb 74 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4b ca a7 9e e5 02 50 18 fb 17 c6 66 00 00
2004-02-27 08:22:39 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 37 93 c0 40 00 80 06 0e 0f ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 02 a1 ca 4b d7 50 18 f9 b3 75 f4 00 00
2004-02-27 08:22:39 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 00 33 cb 76 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4b d7 a7 9e e5 11 50 18 fb 08 f6 8c 00 00
2004-02-27 08:22:39 172.16.0.8 172.16.0.201 Tcp 1027 6500 ACK ALLOWED 172.16.0.254 45 00 00 28 93 c1 40 00 80 06 0e 1d ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 11 a1 ca 4b e2 50 10 f9 a8 c5 75 00 00
2004-02-27 08:22:41 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 01 2d 93 c9 40 00 80 06 0d 10 ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6e cf a1 dd ab fc 50 18 f9 84 cc cb 00 00
2004-02-27 08:22:41 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 01 64 cb ae 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd ab fc a7 b5 6f d4 50 18 fe d7 77 80 00 00
2004-02-27 08:22:41 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 3c 93 ca 40 00 80 06 0e 00 ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6f d4 a1 dd ad 38 50 18 f8 48 23 81 00 00
2004-02-27 08:22:41 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 00 35 cb b0 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd ad 38 a7 b5 6f e8 50 18 fe c3 d6 38 00 00
2004-02-27 08:22:41 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 37 93 cb 40 00 80 06 0e 04 ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6f e8 a1 dd ad 45 50 18 f8 3b 8a ea 00 00
2004-02-27 08:22:41 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 00 33 cb b2 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd ad 45 a7 b5 6f f7 50 18 fe b4 06 5f 00 00
2004-02-27 08:22:41 172.16.0.8 172.16.0.201 Tcp 1031 6500 ACK ALLOWED 172.16.0.254 45 00 00 28 93 cc 40 00 80 06 0e 12 ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6f f7 a1 dd ad 50 50 10 f8 30 da 6b 00 00
2004-02-27 08:22:44 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 6c 93 d4 40 00 80 06 0d c6 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 11 a1 ca 4b e2 50 18 f9 a8 d2 fb 00 00
2004-02-27 08:22:44 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 01 40 cb b5 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4b e2 a7 9e e5 55 50 18 fa c4 80 12 00 00
2004-02-27 08:22:44 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 3c 93 d5 40 00 80 06 0d f5 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 55 a1 ca 4c fa 50 18 f8 90 0e 23 00 00
2004-02-27 08:22:44 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 00 35 cb b7 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4c fa a7 9e e5 69 50 18 fa b0 c5 36 00 00
2004-02-27 08:22:44 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 37 93 d6 40 00 80 06 0d f9 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 69 a1 ca 4d 07 50 18 f8 83 75 8c 00 00
2004-02-27 08:22:44 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 00 33 cb b9 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4d 07 a7 9e e5 78 50 18 fa a1 f5 5c 00 00
2004-02-27 08:22:45 172.16.0.8 172.16.0.201 Tcp 1027 6500 ACK ALLOWED 172.16.0.254 45 00 00 28 93 d7 40 00 80 06 0e 07 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 78 a1 ca 4d 12 50 10 f8 78 c5 0e 00 00
2004-02-27 08:22:46 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 01 2d 93 df 40 00 80 06 0c fa ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 6f f7 a1 dd ad 50 50 18 f8 30 cb a2 00 00
2004-02-27 08:22:46 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 01 64 cc 18 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd ad 50 a7 b5 70 fc 50 18 fd af 76 2c 00 00
2004-02-27 08:22:46 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 3c 93 e0 40 00 80 06 0d ea ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 70 fc a1 dd ae 8c 50 18 f6 f4 22 58 00 00
2004-02-27 08:22:46 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 00 35 cc 1a 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd ae 8c a7 b5 71 10 50 18 fd 9b d4 e4 00 00
2004-02-27 08:22:46 172.16.0.8 172.16.0.201 Tcp 1031 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 37 93 e1 40 00 80 06 0d ee ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 71 10 a1 dd ae 99 50 18 f6 e7 89 c1 00 00
2004-02-27 08:22:46 172.16.0.201 172.16.0.8 Tcp 6500 1031 PSH ACK ALLOWED 172.16.0.254 45 00 00 33 cc 1c 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 07 a1 dd ae 99 a7 b5 71 1f 50 18 fd 8c 05 0b 00 00
2004-02-27 08:22:46 172.16.0.8 172.16.0.201 Tcp 1031 6500 ACK ALLOWED 172.16.0.254 45 00 00 28 93 e2 40 00 80 06 0d fc ac 10 00 08 ac 10 00 c9 04 07 19 64 a7 b5 71 1f a1 dd ae a4 50 10 f6 dc d9 43 00 00
2004-02-27 08:22:49 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 6c 93 e7 40 00 80 06 0d b3 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 78 a1 ca 4d 12 50 18 f8 78 d2 93 00 00
2004-02-27 08:22:49 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 01 40 fb 18 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4d 12 a7 9e e5 bc 50 18 fa 5d 7e e2 00 00
2004-02-27 08:22:49 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 3c 93 e8 40 00 80 06 0d e2 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 bc a1 ca 4e 2a 50 18 f7 60 0d bb 00 00
2004-02-27 08:22:49 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 00 35 fb 38 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4e 2a a7 9e e5 d0 50 18 ff ff be 50 00 00
2004-02-27 08:22:49 172.16.0.8 172.16.0.201 Tcp 1027 6500 PSH ACK ALLOWED 172.16.0.254 45 00 00 37 93 e9 40 00 80 06 0d e6 ac 10 00 08 ac 10 00 c9 04 03 19 64 a7 9e e5 d0 a1 ca 4e 37 50 18 f7 53 75 24 00 00
2004-02-27 08:22:49 172.16.0.201 172.16.0.8 Tcp 6500 1027 PSH ACK ALLOWED 172.16.0.254 45 00 00 33 fb 3a 40 00 80 06 00 00 ac 10 00 c9 ac 10 00 08 19 64 04 03 a1 ca 4e 37 a7 9e e5 df 50 18 ff f0 ee 76 00 00

Thanks to all,
Cyrille

(in reply to cyrillec)
Post #: 18
RE: Citrix client pb - 27.Feb.2004 11:36:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Cyrille,

let's try to decode the blocked IP packet:

2004-02-27 08:22:33 172.19.2.78 123.45.67.162 ICMP 3 3 - BLOCKED 172.16.0.254

Header
45 00 00 38 : IP version 4
04 ae 00 00
80 01 72 fb : protocol = ICMP
ac 12 02 4e : src IP = 172.18.2.78
c3 19 51 a2 : dst IP = 195.25.81.162

Payload = ICMP message
03 03 9d 02 : Type = 3, Code = 3
00 00 00 00
45 00 00 4c : IP version 4
c9 9c 00 00
80 11 ad e8 : protocol = UDP
c3 19 51 a2 : src IP = 195.25.81.162
ac 12 02 4e : dst IP = 172.18.2.78
06 44 04 61 : src port = 1604 , dst port = 1121
00 38 55 1d

What does that tell us?

1) the IP addresses in the Header field does NOT correspond with what is logged in the clear. I never seen that! Did you edit the log?

2) the packet that triggered the ICMP message can be found in the Payload field. It was sent from 195.25.81.162 UDP port 1604 to 172.18.2.78 UDP port 1121.

So, either I'm blind, you have edited the log or there is something seriously wrong! Please, make your choice! [Big Grin]

HTH,
Stefaan

(in reply to cyrillec)
Post #: 19
RE: Citrix client pb - 28.Feb.2004 6:19:00 AM   
alfalfa6945

 

Posts: 12
Joined: 20.Dec.2003
Status: offline
quote:
Originally posted by spouseele:
So, either I'm blind, you have edited the log or there is something seriously wrong! Please, make your choice!
FWIW, "seriously wrong" got my vote [Big Grin]

(in reply to cyrillec)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> Citrix client pb Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts