Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Incoming traffic is broken off
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Incoming traffic is broken off - 20.Jul.2007 4:46:56 AM
|
|
|
PeterHuisman
Posts: 9
Joined: 19.Jul.2007
From: The Netherlands
Status: offline
|
I have an ISA2006 without DMZ. All traffic is redirected from the modem/router to de the ISA server. ISA is part of the domain. All outgoing traffic is configured.
Somehow I can't create web publishing rules that allow external to go to the webserver. There is no SSL, just plain HTTP. IIS on the ISA is killed. When I monitor the connection I get:
Initiated connection
Closed connection
x3
It indicates that the request comes from External (ip confirmed). It says that the connection goes from external to local (?), while the publishing rule states the webserver. No login required.
There is no rule indicated that overrides the access. The configurations I have worked on a previous ISA2004. I'm near a breakdown here ;). We have customer (test) websites that I need to publish. Does anyone know this situation (I already browsed this forum and found 1 other thread that did not help me) and know what I can do about it?
TIA
|
|
|
|
|
RE: Incoming traffic is broken off - 25.Jul.2007 3:11:18 AM
|
|
|
PeterHuisman
Posts: 9
Joined: 19.Jul.2007
From: The Netherlands
Status: offline
|
The IIS's are behind the ISA. We have an EDGE network. When an external connection tries to go to the webserver a connection is initiated (ERROR_SUCCESS) and immediatly closed (FWX_E_ABORTIVE_SHUTDOWN). The websites can be reached from the internal network.
|
|
|
|
|
RE: Incoming traffic is broken off - 25.Jul.2007 7:46:21 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Can you give an example of one of the rules that isn't working?
Most likely, it's not an ISA Firewall problem, but maybe a networking or configuration issue.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Incoming traffic is broken off - 26.Jul.2007 3:53:25 AM
|
|
|
PeterHuisman
Posts: 9
Joined: 19.Jul.2007
From: The Netherlands
Status: offline
|
Weblistener:
Port 80
Authentication Basic (Delegated)
Authentication needed: no
Rule:
external link: webmail.xxx.nl
internal server: webtrix
port-bridging 80 -> 90
Allow connection from external
Pretty standard all.
The logging states:
External -> localhost, initiated connection (ERROR_SUCCESS)
External -> localhost, closed connection (FWX_E_ABORTIVE_SHUTDOWN)
--> Empty rule in logging.
The ISA runs on VS 2005 R2 (2 physical adapters)
Outgoing traffic is no problem. Surfing to port 80 on Webtrix from ISA is no problem (also tested no bridging in the rule but same result), port 90 cannot be reached from ISA.
|
|
|
|
|
RE: Incoming traffic is broken off - 26.Jul.2007 11:01:09 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Most likely the application that you're publishing doesn't support protocol transitioning. That is to say, you'll have to listen on TCP port 90 on the ISA Firewall, or configure the application you're publishing to listen on TCP port 80.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Incoming traffic is broken off - 26.Jul.2007 11:12:12 AM
|
|
|
PeterHuisman
Posts: 9
Joined: 19.Jul.2007
From: The Netherlands
Status: offline
|
Thought you would say that ;) That's why I indicated that I also tested it without bridging. The iss listened at port 80 and the ISA also on port 80.
|
|
|
|
|
RE: Incoming traffic is broken off - 27.Jul.2007 3:20:32 AM
|
|
|
PeterHuisman
Posts: 9
Joined: 19.Jul.2007
From: The Netherlands
Status: offline
|
No it didn't work, same result as with bridging
|
|
|
|
|
RE: Incoming traffic is broken off - 27.Jul.2007 9:30:26 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Peter,
It looks like your ISA Firewall configuration is broken. You need to have an external and internal interface on the ISA Firewall and the Web server needs to be behind the ISA Firewall, meaning that the ISA Firewall is in the physical path between the published Web server and the Internet.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Incoming traffic is broken off - 27.Jul.2007 6:11:08 PM
|
|
|
PeterHuisman
Posts: 9
Joined: 19.Jul.2007
From: The Netherlands
Status: offline
|
The ISA has 2 interfaces (external/internal) and the webserver is behind the internal. The testmachine (to test external connections) is connected to the same hub as the external interface. The internet router is also connected to this hub. This way the ISA has access to the web but also the testmachine. The router routs webtraffic to the ISA. Somehow this configuration does not work with the testmachine connected to the hub.
|
|
|
|
|
RE: Incoming traffic is broken off - 2.Aug.2007 5:28:42 AM
|
|
|
PeterHuisman
Posts: 9
Joined: 19.Jul.2007
From: The Netherlands
Status: offline
|
Perhaps. I'll be able to look at it when I'm back from my holiday, on the 13th.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
) --- testmachine 
