Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
The network rules do not allow the connection requested
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
The network rules do not allow the connection requested - 11.Mar.2008 5:33:39 PM
|
|
|
riaandw
Posts: 3
Joined: 4.Mar.2008
Status: offline
|
HELP!!! I'm going bald, prematurely, from pulling my hair out!!!
Has anyone managed to get TightVNC Viewer running on a ISA protected network to connect to
a external PC over the internet without getting the dreaded 0xc0040012 FWXE_NETWORK_RULES_DENIED
message as stated below?
Denied Connection
Log type: Firewall service
Status: The network rules do not allow the connection requested.
Rule:
Source: Internal ( 192.168.16.97:2994)
Destination: External ( 165.xxx.xxx.xxx:5900)
Protocol: TightVNC TCP:5900 Outbound
My client is doing remote support on a variety of systems for their customers, running
anything from TightVNC, PCAnywhere and RemoteDesktop.
I've tried everything and searched everywhere, but this happens on all 3 of the above
mentioned applications from any PC within the ISA protected network trying to connect
to standalone PCs connected to the internet.
The hardware firewalls on the routers allows for all access, since I'm able to connect to the
standalone PC's connectd to the internet from home, with no problem.
Any help and hairlotion will be much appreciate.
Ciou
Riaan
|
|
|
|
RE: The network rules do not allow the connection reque... - 12.Mar.2008 9:49:53 AM
|
|
|
Rotorblade
Posts: 963
Joined: 27.Feb.2007
Status: offline
|
Hi,
Do you have an access rule configured? Not seeing one in the log information you provided.
Is the ISA Firewall or SecureNAT client installed on the PC?
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: The network rules do not allow the connection reque... - 12.Mar.2008 2:59:22 PM
|
|
|
riaandw
Posts: 3
Joined: 4.Mar.2008
Status: offline
|
Hi,
The problem is that I saw that there are no access rule liste. Why I do not know and where to go and define it I do not know either, as the Remote Desktop type calls from inside the ISA to external PCs is currently the only communication that does not show any access rules.
When hovering over the status I get a tooltip with the following message: 0xc0040012 FWXE_NETWORK_RULES_DENIED
When looking at the network rules, I have the following defined:
Network Rule 1
Order: 1
Name: Local Host Access
Relation: Route
Source Networks: Local Host
Destination Networks: All Networkds (and Local Host)
Network Rule 2
Order: 2
Name: VPN Clients to Internal Network
Relation: NAT
Source Networks: External / Quarantined VPN Clients / VPN Clients
Destination Networks: Internal
Network Rule 3
Order: 3
Name: Internet Access
Relation: NAT
Source Networks: Internal / Quarantined VPN Clients / VPN Clients
Destination Networks: External
Hope the additional information helps.
Kind Regards,
Riaan
|
|
|
|
|
RE: The network rules do not allow the connection reque... - 12.Mar.2008 5:08:33 PM
|
|
|
Rotorblade
Posts: 963
Joined: 27.Feb.2007
Status: offline
|
Hi,
quote:
When looking at the network rules, I have the following defined:
Right church wrong pew! Network rules is not where you should be. You need to create a Firewall access rule in the ISA’s Firewall policy for VNC access. It looks like you have the protocol defined so all you should need to do is create the access rule.
In the ISA’s MMC, click Firewall policy in the left pane then right-click and click New; Access Rule. Follow the wizard:
Name; Access rule name, i.e. VNC access
Action; Allow
This rule applies to; Selected Protocols; click Add and select the VNC out bound protocol you defined
This rule applies to traffic from these sources; Click add and select Internal (using a computer set is an option)
This rule applies to traffic sent to these destinations; Click add and select External. (using a destination set is an option)
This rule applies to requests from the following user sets; The default will be “All Users” but you will need to decide based on your authentication requirement!
Click the finish, apply the changes (by clicking the apply button) and your new access rule should be created. You want to make sure that you place the new access rule in the proper firewall order!
HTH
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
