Hi there I am new to ISA and have been testing it out in a lab environment for a couple weeks. I have been stumped by how ISA seems to be blocking access when it shouldn't be.
I have been trying to do a simple ping rule. I am trying to ping from a network that I have defined as a perimeter network to a computer on the other side of the ISA server which is defined as being on the Internal network.
I set up my ping rule to allow access from the perimeter network to the Internal network. However the test fails and I see the attempt being blocked in the log.
If I make no other change but to move the ip range of the perimeter network and include it as part of the Internal network, I am able to ping.
I am stumped. I'm sure I am overlooking something obvious here but for the life of me I don't know what.
Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Authentication Server Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL 192.168.31.51 CCTCFW - ICMP - - 2/18/2010 8:21:48 PM 8 0 0 0 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED 0x0 0x0 Firewall - 2/18/2010 3:21:48 PM 192.168.150.100 0 PING Denied Connection 192.168.31.51 Outside Internal - -
So let's say this is in production and I am trying to grant access to resources on our network to a network over the WAN (not ours, another department), you are saying the proper way to do this with ISA is to add that subnet to the Internal network?
Here is the test network I made for the 192.168.31.0 network called "Outside"