• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

internet access rule does not work

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> internet access rule does not work Page: [1]
Login
Message << Older Topic   Newer Topic >>
internet access rule does not work - 7.Jul.2006 6:44:55 AM   
hfergusson

 

Posts: 3
Joined: 7.Jul.2006
Status: offline
I have a newly installed ISA 2004 server on win2k3.
I have not been able to get an internet access rule working for internal users
The isa config is an edge firewall.  Set up the internet access policy using the wizard for restricted internet access
so I am allowing http, https and ftp from internal to external.  I have added a group of users under the condition that will be allowed access from active directory.
If i leave this rule as above and run a query through monitoring this rule does not pick up any http traffic from the internal computer I am testing the internet connection from. The traffic is picked up and denied by the default deny any rule.

If I change the rule to include local host in the from /listener and local host in the To then the internet access rule/policy filters http traffic but still denies the connection.  From monitoring I can see http traffic being denied by the internet access policy. The source network is internal but the destination is local host??  It looks like the traffic is not being NAT'ed or it cannot find the route to the gateway.

The server is multi homed with an internal and external address.  next hop after the external address is a firewall that is allowing traffic from isa to the internet. I can get to the internet when logged into the isa server through IE fine.

The other issue I have is that there is no domain user specified under client username when running the query?
I think the query should show me who is trying to connect to the internet.

Also I have published web sites and servers and these policies are working ok

Any help would be much appreciated.

Post #: 1
RE: internet access rule does not work - 7.Jul.2006 2:14:00 PM   
samir7399

 

Posts: 18
Joined: 21.Jun.2006
Status: offline
let me try to visualize the situation.

1) Click Firewall Policy on the ISA Management Console. Click the Tasks tab on the right and then click Edit System Policy. In the system policy editor go to Authentication - Active Directory. Make sure the Enable check box is ticked.
In the To tab the computer set for your DC should be present. If this is all there try to remove the check mark on Strict RPC Compliance if it is ticked.

(in reply to hfergusson)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> internet access rule does not work Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts