Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Unable to reach internal websites
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Unable to reach internal websites - 4.Apr.2006 4:14:18 PM
|
|
|
Gholleman
Posts: 6
Joined: 1.Feb.2006
Status: offline
|
We're having seriously annoying issues with reaching internal websites (actually : webinterfaces on routers/switches and printers) trough isa2004.
When trying to connect to a webinterface of a printer we get an errormessage:
Technical Information (for support personnel)
Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
IP Address: 10.1.2.50
Date: 4/4/2006 1:58:21 PM
Server: FW001.------.net
Source: proxy
On the firewall we get the following message :
Original Client IP Client Agent Authenticated Client Service Referring Server Transport HTTP Method MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Cache Information Error Information Log Time Client IP Destination IP Destination Port Destination Host Name Protocol Action Rule Result Code HTTP Status Code Client Username Source Network Destination Network URL Server Name Log Record Type
10.1.10.1 - TCP - - - 4/4/2006 1:56:59 PM 1731 37000 9677 125558 0x0 0x0 4/4/2006 3:56:59 PM 10.1.10.1 10.1.2.50 8080 Unidentified IP Traffic Closed Connection 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN Internal Local Host - FW001 Firewall
10.1.10.1 - TCP - - - 4/4/2006 1:57:01 PM 1734 0 0 0 0x0 0x0 4/4/2006 3:57:01 PM 10.1.10.1 10.1.2.50 8080 Unidentified IP Traffic Initiated Connection 0x0 Internal Local Host - FW001 Firewall
When I disable both the firewallclient and the webproxyclient the connection succeeds. Adding the ipaddress to the 'do not use proxyserver for addresses beginning with' does not make a difference, and fails.
On the propertiepage of the networks-internal-addresses tab the series 10.1.0.0-10.6.255.255 is included in the 'specify the ip-address range to include in this network' and in the webbrowser tab, the 'bypass proxy for webservers in this network' and the 'directly access the servers in this domain' is enabled. Also the 'directly access these servers or domains' includes the 10.1.0.0-10.6.255.255 range.
Config of the network interfaces :
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-73-1C-6F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 82.--.--.--
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 82.--.--.--
DNS Servers . . . . . . . . . . . : 10.1.2.1
194.--.--.--
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter INTERN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
2
Physical Address. . . . . . . . . : 00-14-22-73-1C-6E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.2.50
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.1.2.1
Routing table :
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.2.0.0 255.255.0.0 10.1.1.1 1
10.3.0.0 255.255.0.0 10.1.1.1 1
10.4.0.0 255.255.0.0 10.1.1.1 1
10.5.0.0 255.255.0.0 10.1.1.1 1
10.6.0.0 255.255.0.0 10.1.1.1 1
Now, i have to agree, i'm not an isa specialist (far from, though i did take the course) but i'm kinda lost now what could be the problem.
|
|
|
|
|
RE: Unable to reach internal websites - 4.Apr.2006 6:10:25 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Where is the ISA in relation to the clients and the internal websites. If they are both on the same side, why is the ISA involved? Did you configure them to go direct?
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Unable to reach internal websites - 6.Apr.2006 11:25:43 AM
|
|
|
Gholleman
Posts: 6
Joined: 1.Feb.2006
Status: offline
|
The isa is on the border of the network/internet, not in between the clients and the switches etc.
I don't get it myself why the isa (considers itself to be) involved. When i disable both the firewall and proxyclient it does work normally.
But it intercepts the traffic and blockes it, and that is the problem i can't figure out.
|
|
|
|
|
RE: Unable to reach internal websites - 6.Apr.2006 3:15:42 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
quote:
But it intercepts the traffic and blockes it
Because you did not configure them to go direct.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Unable to reach internal websites - 7.Apr.2006 1:25:30 PM
|
|
|
Gholleman
Posts: 6
Joined: 1.Feb.2006
Status: offline
|
I was able to solve the problem myself.. and am embarresed to mention the solution :
The rule was allowing from internal to external. Added internal to the destination, and the problem is solved..
Sometimes the solution is to obvious to be noticed....
Thnx everyone for thinking along..
|
|
|
|
|
RE: Unable to reach internal websites - 7.Apr.2006 4:30:30 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
No, NO, NOOO. The solution is NOT to loopback through ISA with an internal-internal rule.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
