Welcome to ISAserver.org


Server publishing rule failed

Server publishing rule failed - 2.Oct.2008 4:49:54 PM   
fres

 

Posts: 15
Joined: 22.Jun.2008
Status: offline
 
Hi
I am getting the following error message and I cannot connect to the server I am publishing.
Server publishing rule  failed because there was no valid network listener. For requests to reach the published server there must be a network relationship between the selected listener networks and the published server


I also got this error message
a non sync packet was dropped because it was sent by a source that does not have an established connection with the isa server

I have ISA 2004 standard and 2 NIC cards.
The publishing rules and firewall rules are shown here

Internal DNS to Dns Fowarders properties
all users
action allow
protocols: DNS
From Internal DNS server to Local Host

All Open
action: allow
protocols: all outbound traffic
From: Internal
To: external
users: all users

Server publishing rule
action: allow
traffic: real time messaging
from anywhere
to 10.3.157.14
networks: external
requests for this published server: requests appear to come from the ISA server

Server Publishing rule SPR HTTPS
action: allow
traffic
Allow network traffic using the following protocol
HTTPS SERVER
from External
to 10.3.157.14
networks external


I have the following network relationships
Internal to External NAT
External to Internal NAT

Internet Access NAT Internal to External

VPN clients to Internal
I started out by using the Edge Fire Wall Template.

I have read that there is a problem with my Network configurations but I don't see how I can change them.

Any help would be very much appreciated.
Post #: 1
RE: Server publishing rule failed - 2.Oct.2008 5:41:37 PM   
Jason Jones

 

Posts: 2139
Joined: 30.Jul.2002
From: United Kingdom
Status: online
In terms of the DNS rule, you cannot use server publishing in this way.

You will need to create appropriate DNS access rules to achieve what you need...

Cheers

JJ

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to fres)
Post #: 2
RE: Server publishing rule failed - 2.Oct.2008 6:00:43 PM   
Rotorblade

 

Posts: 973
Joined: 27.Feb.2007
Status: offline
quote:


I have the following network relationships
Internal to External NAT
External to Internal NAT
Internet Access NAT Internal to External



Do you have the default rule - Local Host to all networks Route?

External to Internal NAT - Is that a rule you added?

Internal to External NAT - That's a duplicate rule to Internet Access network rule.

RB



_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to fres)
Post #: 3
RE: Server publishing rule failed - 2.Oct.2008 6:09:09 PM   
Rotorblade

 

Posts: 973
Joined: 27.Feb.2007
Status: offline
quote:


Server Publishing rule SPR HTTPS
action: allow
traffic
Allow network traffic using the following protocol
HTTPS SERVER
from External
to 10.3.157.14
networks external


Any reason why you're not using secure Web publishing over server publishing?

And just to verify, you do have two or more NICs installed and configured?

RB


(in reply to fres)
Post #: 4
RE: Server publishing rule failed - 2.Oct.2008 6:13:01 PM   
Rotorblade

 

Posts: 973
Joined: 27.Feb.2007
Status: offline
quote:

 

I have ISA 2004 standard and 2 NIC cards.



Disregard the two NIC question. Sorry, missed it.



(in reply to fres)
Post #: 5
RE: Server publishing rule failed - 2.Oct.2008 6:26:04 PM   
Rotorblade

 

Posts: 973
Joined: 27.Feb.2007
Status: offline
Just another observation:  

In placing your FW rules, best practice is to place your server and web publishing rules at the top of the order, followed by access rules for server-specific functions (DNS, etc.), then explicit deny rules next (looks like this won't apply to you since you're allowing "all open access", which is something I would not recommend doing), followed by any allow access rules and lastly, the default deny rule.

HTH

RB


(in reply to fres)
Post #: 6
RE: Server publishing rule failed - 2.Oct.2008 8:26:35 PM   
fres

 

Posts: 15
Joined: 22.Jun.2008
Status: offline
quote:

ORIGINAL: Rotorblade

quote:


I have the following network relationships
Internal to External NAT
External to Internal NAT
Internet Access NAT Internal to External



Do you have the default rule - Local Host to all networks Route?

External to Internal NAT - Is that a rule you added?

Internal to External NAT - That's a duplicate rule to Internet Access network rule.

RB

Yes I added the External to Internal Rule. Is it not correct?


(in reply to Rotorblade)
Post #: 7
RE: Server publishing rule failed - 2.Oct.2008 8:31:43 PM   
fres

 

Posts: 15
Joined: 22.Jun.2008
Status: offline
Jason

Do I need the DNS rule and can I get rid of it? I am only concerned with the network traffic that will be forwarded to the IP address of the ISA's external network.
This ISA is behind a hardware firewall and there is an IP on the Internet that is NATed to the IP address of the external NIC on the ISA.
Thanks
Bruce


quote:

ORIGINAL: Jason Jones

In terms of the DNS rule, you cannot use server publishing in this way.

You will need to create appropriate DNS access rules to achieve what you need...

Cheers

JJ

(in reply to Jason Jones)
Post #: 8
RE: Server publishing rule failed - 2.Oct.2008 8:37:15 PM   
fres

 

Posts: 15
Joined: 22.Jun.2008
Status: offline
quote:

ORIGINAL: Rotorblade

quote:


Server Publishing rule SPR HTTPS
action: allow
traffic
Allow network traffic using the following protocol
HTTPS SERVER
from External
to 10.3.157.14
networks external


Any reason why you're not using secure Web publishing over server publishing?

And just to verify, you do have two or more NICs installed and configured?

RB

RB
My application uses Apache Tomcat and it looks like you can't export the SSL Certificate from Apache Tomcat so that is why I am using server publishing.

(in reply to Rotorblade)
Post #: 9
RE: Server publishing rule failed - 2.Oct.2008 8:42:23 PM   
fres

 

Posts: 15
Joined: 22.Jun.2008
Status: offline
quote:

ORIGINAL: fres

quote:

ORIGINAL: Rotorblade

quote:


I have the following network relationships
Internal to External NAT
External to Internal NAT
Internet Access NAT Internal to External



Do you have the default rule - Local Host to all networks Route?

External to Internal NAT - Is that a rule you added?

Internal to External NAT - That's a duplicate rule to Internet Access network rule.

RB

Yes I added the External to Internal Rule. Is it not correct?



RB
Yes we have the default rule.
Thanks

Bruce

(in reply to fres)
Post #: 10
RE: Server publishing rule failed - 3.Oct.2008 3:59:32 AM   
Jason Jones

 

Posts: 2139
Joined: 30.Jul.2002
From: United Kingdom
Status: online
quote:

ORIGINAL: Rotorblade

Just another observation:  

In placing your FW rules, best practice is to place your server and web publishing rules at the top of the order, followed by access rules for server-specific functions (DNS, etc.), then explicit deny rules next (looks like this won't apply to you since you're allowing "all open access", which is something I would not recommend doing), followed by any allow access rules and lastly, the default deny rule.

HTH

RB


Not quite true

"Server publishing and Web publishing rules can be placed anywhere in the rule order after global allow or deny rules."

http://technet.microsoft.com/en-us/library/cc302539.aspx

Cheers

JJ





(in reply to Rotorblade)
Post #: 11
