Welcome to ISAserver.org
Yet another Secure NAT problem
Yet another Secure NAT problem - 16.Jan.2004 5:54:00 PM
cleekjc
Posts: 34
Joined: 10.Sep.2003
From: OKC
Status: offline
As far as I can tell everything is set up correctly. I can ping and trace route FQDNs and "internet" IPs (I get from trace route) from the secure NAT client. When I open up IE on the secure NAT client I get "403 Forbidden - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) Internet Security and Acceleration Server." for every web site I try to go to except the one on my LAN.
I have checked the LAT and only my Private IP addy range is listed.
Thanks
RE: Yet another Secure NAT problem - 16.Jan.2004 5:57:00 PM
cleekjc
Posts: 34
Joined: 10.Sep.2003
From: OKC
Status: offline
I just discovered something new. The Secure NAT client from above is running MS TS and Citrix. Prior to setting it as a secure NAT client I could not connect to either RDP or ICA, however now I can (it took a few minutes before it started working), but still no internet access...
RE: Yet another Secure NAT problem - 16.Jan.2004 11:40:00 PM
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Jon,
What protocol and site & content rules do you have in place? Also, what are the ISA logs telling you?
HTH, Stefaan
RE: Yet another Secure NAT problem - 19.Jan.2004 5:39:00 PM
cleekjc
Posts: 34
Joined: 10.Sep.2003
From: OKC
Status: offline
For now I have an enterprise site and content rule that allows any request to all destinations.
Protocol is the same: Enterprise Allow and any request.
These are applied to this specific ISA server I am having problems with.
BTW, I had a site and content rule up with a specific AD user group. I changed that to any request and now I can surf the web from my internal server. The odd thing is that I logged on to the problem server with an account that had domain admin privileges and was a member of the group that had access to the internet...
On a side note, I will be opening port 25 on the ISA server routed to an Exchange 2000 server. Do you know of a way I can test this before I have our web host change our MX record?
Thank you
RE: Yet another Secure NAT problem - 19.Jan.2004 10:49:00 PM
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Jon,
Aha... for a SecureNAT client you can *not* use user/group based authentication. Only 'any request' (anonymous) or a 'client address set' (IP address) can be used. User/group based authentication is only supported by Web Proxy and Firewall clients.
A very nice tool to test outbound and inbound rules is Jim's WinsockTool. For more info, check out http://www.isaserver.org/Jim_Harrison/ . Of course, using a simple telnet command and specifying the TCP port number you want to connect to is also a possibility.
HTH, Stefaan
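
The telnet-style port 25 check suggested above, scripted as an added example (not part of the original thread and not code from WinsockTool). It goes one step past a bare TCP connect by reading the SMTP greeting and EHLO reply, which shows whether the published mail server actually answers behind the firewall; the function names and the `test.example` HELO name are assumptions made for this sketch.

```python
import socket

def read_reply(f):
    """Read one SMTP reply; multi-line replies look like '250-...' then '250 ...'."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            break                      # peer closed the connection
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break                      # no '-' after the code: last line of the reply
    return lines

def check_smtp(host, port=25, helo_name="test.example", timeout=10):
    """Connect like `telnet host 25` and report how far the SMTP dialogue gets.

    helo_name is a constructed placeholder, not a value from the thread.
    """
    result = {"connected": False, "banner": None, "ehlo": [], "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["connected"] = True          # TCP handshake completed
            f = s.makefile("rb")
            banner = read_reply(f)
            result["banner"] = banner[-1] if banner else None
            if not banner or not banner[-1].startswith("220"):
                result["error"] = "no 220 greeting"   # port open, but no SMTP service
                return result
            s.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
            result["ehlo"] = read_reply(f)      # extensions the mail server advertises
            s.sendall(b"QUIT\r\n")
            read_reply(f)
    except OSError as exc:                      # refused, timed out, unreachable
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result

if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(check_smtp(sys.argv[1], port))
```

To exercise the inbound rule rather than the internal network path, run it from a machine outside the firewall against the external address.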