Welcome to ISAserver.org


Web publishing rule not working

Web publishing rule not working - 25.Jul.2008 1:10:37 AM
grego
Hi,
I have been trying and trying to get this publishing rule working but nothing is working. I have ISA 2006 standard with SP1.

Have created a publishing rule using the Web Publishing rule wizard and all seems fine, but when I send traffic to the external address of the firewall I don't see the web site and the log states denied connection for the HTTP.

This is what I have
On the ISA box
External IP: 192.168.67.10
Internal IP: 192.168.64.7
Web site IP: 192.168.64.21

In the rule
Action: allow
From: anywhere
To: WEB Server, IP: 192.168.64.21 (forward IP. requests come from client)
Traffic: HTTP
Public Name: All requested
Path: /*
Authentication Delegation: no delegation, but client may authenticate directly
App settings: nothing (greyed)
Bridging: web, redirect request to HTTP port = 80
Users: All users
Schedule: always
Link Translation: off

Web Listener
Network: External (selected IP 192.168.67.10)
Connections: Enable HTTP connection on port 80
Certificate: none
Authentication: HTTP Authentication (Basic and Integrated ticked). Under Advanced I ticked Allow client authentication over HTTP and entered the DOMAIN name
Forms: greyed out
SSO: greyed out

Now when I use the new Traffic Simulator I go to web publishing, enter an IP of 2.2.2.2, put my URL in and click start. I get this error:

Allowed Traffic Denied Traffic
- destination URL host name could not be resolved

Rule Name: Default rule
Rule Order:

Additional information
    From: External
    To: Internal
    Network Rule Name: None
    Network Relationship:
    Protocol: HTTP
    Rule Application Filter:
 
This seems to indicate it can't find the web site. But I can ping the URL from the ISA server fine and I can browse to it fine.

These are the log entries

| Record | Time | Context | Log Source | Message |
|---|---|---|---|---|
| 800 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The Firewall service is performing rule evaluation. |
| 801 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | Protocol: HTTP |
| 802 | 7/25/2008 15:05:36 | fff834d3 | Firewall Engine | Packet properties: Source IP address: 2.2.2.2 Source array network: External Destination IP address: 192.168.64.21 Destination array network: Internal |
| 803 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server will check only rules that are associated with the protocol HTTP. |
| 804 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the rule [System] Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites. |
| 805 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | source does not match the packet. |
| 806 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the rule [System] Allow HTTP/HTTPS requests from ISA Server to specified sites. |
| 807 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | source does not match the packet. |
| 808 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the rule [System] Allow MS Firewall Control communication to selected computers. |
| 809 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | source does not match the packet. |
| 810 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the rule Unrestricted Internet access. |
| 811 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | source does not match the packet. |
| 812 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the rule VPN Clients to Internal Network. |
| 813 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | source does not match the packet. |
| 814 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the rule Internal All. |
| 815 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | source does not match the packet. |
| 816 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the rule Default rule. |
| 817 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The rule Default rule matches the packet and may deny it. However, a rule that precedes this rule in the list of policy rules and matches the packet will take precedence and may allow the packet. |
| 818 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The rule Default rule blocked the packet. |
| 819 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The Firewall service is performing rule evaluation. |
| 820 | 7/25/2008 15:05:36 | fff834d3 | Firewall Engine | Packet properties: Source IP address: 2.2.2.2 Source array network: External Destination IP address: 192.168.64.21 Destination array network: Internal |
| 821 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is looking for an applicable network rule. |
| 822 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the network rule Local Host Access. |
| 823 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The source IP address in the packet does not match the source specified in the network rule. |
| 824 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is checking the reverse direction of the network rule Local Host Access. |
| 825 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The destination IP address in the packet does not match the source specified in the network rule. |
| 826 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the network rule VPN Clients to Internal Network. |
| 827 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The source IP address in the packet does not match the source specified in the network rule. |
| 828 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is checking the reverse direction of the network rule VPN Clients to Internal Network. |
| 829 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The source IP address in the packet does not match the destination specified in the network rule. |
| 830 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is evaluating the network rule Internet Access. |
| 831 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The source IP address in the packet does not match the source specified in the network rule. |
| 832 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | ISA Server is checking the reverse direction of the network rule Internet Access. |
| 833 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The source and destination in the packet match the source and destination specified in the network rule Internet Access in the reverse direction. |
| 834 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | The reverse direction of the network rule Internet Access, which defines a NAT relationship, matches the source and destination IP addresses specified in the packet. The traffic is denied. |
| 835 | 7/25/2008 15:05:36 | fff834d3 | Firewall service | No network rule was found. |


It seems to go through all the rules but not my rule called web sites 1.

I really don't know what's going on so any help or suggestions would be great.

kind regards
Greg O
Post #: 1
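
An added example, not part of the original post: a small Python parser for the simulator's Message column that lists the rules that were evaluated, then checks whether a named rule ever appears and whether the packet was addressed to the listener IP. The log lines are a subset of those posted above; the function and field names are illustrative.

```python
import re

# Message-column text copied from the log in the post above (subset).
LOG = """\
Packet properties: Source IP address: 2.2.2.2 Source array network: External Destination IP address: 192.168.64.21 Destination array network: Internal
ISA Server is evaluating the rule [System] Allow HTTP/HTTPS requests from ISA Server to specified sites.
source does not match the packet.
ISA Server is evaluating the rule Unrestricted Internet access.
ISA Server is evaluating the rule VPN Clients to Internal Network.
ISA Server is evaluating the rule Internal All.
ISA Server is evaluating the rule Default rule.
The rule Default rule blocked the packet.
ISA Server is evaluating the network rule Internet Access.
The reverse direction of the network rule Internet Access, which defines a NAT relationship, matches the source and destination IP addresses specified in the packet. The traffic is denied.
"""

PACKET = re.compile(r"Source IP address: (\S+) .*Destination IP address: (\S+)")
ACCESS = re.compile(r"is evaluating the rule (.+)\.$")
NETWORK = re.compile(r"is evaluating the network rule (.+)\.$")
BLOCKED = re.compile(r"^The rule (.+) blocked the packet\.$")

def summarize(log, rule_name, listener_ip):
    """Collect evaluated rules and the verdict from simulator log messages."""
    s = {"src": None, "dst": None, "access_rules": [],
         "network_rules": [], "blocked_by": None}
    for line in log.splitlines():
        if (m := PACKET.search(line)):
            s["src"], s["dst"] = m.groups()
        elif (m := NETWORK.search(line)):
            s["network_rules"].append(m.group(1))
        elif (m := ACCESS.search(line)):
            s["access_rules"].append(m.group(1))
        elif (m := BLOCKED.match(line)):
            s["blocked_by"] = m.group(1)
    # Was the publishing rule ever considered? (case-insensitive name match)
    evaluated = [r.lower() for r in s["access_rules"]]
    s["rule_evaluated"] = rule_name.lower() in evaluated
    # Was the simulated packet addressed to the web listener at all?
    s["dst_is_listener"] = s["dst"] == listener_ip
    return s

if __name__ == "__main__":
    # Rule name and listener IP as given in the post.
    for key, value in summarize(LOG, "web sites 1", "192.168.67.10").items():
        print(f"{key}: {value}")
```
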
RE: Web publishing rule not working - 25.Jul.2008 9:11:51 AM
paulo.oliveira
Hi Greg,

Please paste the ipconfig /all of your ISA server. Is the gateway for the web server pointing to ISA's internal NIC?

Regards,
Paulo Oliveira.

(in reply to grego)
Post #: 2
RE: Web publishing rule not working - 25.Jul.2008 5:30:15 PM
grego
Hi Paulo,
Thanks for your reply. Here are the ipconfig /all results:


C:\Documents and Settings\greg>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : gecko-isa-1
   Primary Dns Suffix  . . . . . . . : geckoware.com.au
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : geckoware.com.au
                                       com.au

Ethernet adapter Publishing Network:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Internal Network
pter #2
   Physical Address. . . . . . . . . : 00-15-5D-40-05-0B
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.67.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.64.21
   Primary WINS Server . . . . . . . : 192.168.64.21

Ethernet adapter GeckoWare:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : External Network
pter
   Physical Address. . . . . . . . . : 00-15-5D-40-05-09
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.64.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.64.1
   DNS Servers . . . . . . . . . . . : 192.168.64.21
   Primary WINS Server . . . . . . . : 192.168.64.21

C:\Documents and Settings\greg>


I can use the browser on the ISA server and see my web site no problem. I ping the web site and I get the internal IP address.

The internal gateway for the web site is pointing to a different server as the ISA server is not the main gateway out of the network as yet. I do plan to place it there but so far I can't get it working correctly.

I have another two rules on the ISA which allow unrestricted internet access and VPN Clients and Internal All.

I hope you can help

kind regards
Greg O


(in reply to paulo.oliveira)
Post #: 3
RE: Web publishing rule not working - 26.Jul.2008 3:46:31 AM
grego
Hi,
It all seems to be working now. I re-directed the network traffic to the ISA server and it worked. Although the web publishing test still fails.

So thanks anyway

Greg

(in reply to grego)
Post #: 4
RE: Web publishing rule not working - 26.Jul.2008 7:16:56 AM
paulo.oliveira
Hi Greg,

I was thinking this is a DNS problem, because of this message.

quote:

Allowed Traffic Denied Traffic
- destination URL host name could not be resolved

Rule Name: Default rule
Rule Order:

Your External NIC has a misconfiguration. You must not configure DNS or WINS on this interface. Please remove this conf.

Regards,
Paulo Oliveira.

(in reply to grego)
Post #: 5
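
The check Paulo describes, as an added example that is not part of the original thread: parse `ipconfig /all` output and report any DNS or WINS servers configured on the adapter that holds the external IP. The sample input is trimmed from the output posted earlier in the thread, 192.168.67.10 is the external IP the original poster gave, and the function names are illustrative.

```python
import re

# Trimmed from the ipconfig /all output posted earlier in this thread.
IPCONFIG = """\
Ethernet adapter Publishing Network:
   IP Address. . . . . . . . . . . . : 192.168.67.10
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.64.21
   Primary WINS Server . . . . . . . : 192.168.64.21

Ethernet adapter GeckoWare:
   IP Address. . . . . . . . . . . . : 192.168.64.7
   Default Gateway . . . . . . . . . : 192.168.64.1
   DNS Servers . . . . . . . . . . . : 192.168.64.21
   Primary WINS Server . . . . . . . : 192.168.64.21
"""

ADAPTER = re.compile(r"^Ethernet adapter (.+):\s*$")
# "Key . . . . : value" -> key without the dot leader, value possibly empty
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter name: {field: [values]}}; empty fields are omitted."""
    adapters, current = {}, None
    for line in text.splitlines():
        if (m := ADAPTER.match(line)):
            current = adapters.setdefault(m.group(1), {})
        elif current is not None and (f := FIELD.match(line)):
            key, value = f.group(1).strip(), f.group(2).strip()
            if value:
                current.setdefault(key, []).append(value)
    return adapters

def check_external_nic(adapters, external_ip):
    """Flag DNS/WINS servers set on the adapter that owns external_ip."""
    findings = []
    for name, cfg in adapters.items():
        if external_ip not in cfg.get("IP Address", []):
            continue
        for key in ("DNS Servers", "Primary WINS Server"):
            for server in cfg.get(key, []):
                findings.append(f"{name}: {key} = {server}")
    return findings

def gateway_adapters(adapters):
    """Names of adapters that carry a default gateway."""
    return [n for n, cfg in adapters.items() if cfg.get("Default Gateway")]

if __name__ == "__main__":
    nics = parse_adapters(IPCONFIG)
    print("external NIC findings:", check_external_nic(nics, "192.168.67.10"))
    print("default gateway on:", gateway_adapters(nics))
```
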
