Welcome to ISAserver.org

Denied connection, who knows because of which rule?

Denied connection, who knows because of which rule? - 2.Jan.2007 12:18:51 PM   
DavideB

 

Posts: 13
Joined: 8.Oct.2001
From: Italy
Status: offline
I'm getting crazy with a simple problem.

I have an old ISA 2000 on W2K and I'm trying to migrate its role to another ISA 2006 on W2K3.
The ISA 2006 settings are the same as those working on the ISA 2000; I just try to unplug the connection from the old server and connect the new server.
The traffic reaches the new ISA 2006 but everything is rejected/denied. The "deny all" default rule is the last one, and there are many web publishing and server publishing rules enabled in the firewall policy, including the rules related to the sites I'm trying to access.

In the log I see the request coming from an internet client, the destination is an IP of the ISA 2006. There is no indication of which rule denied the connection and the log entry content is:
x.x.x.x    PROXY01 -  TCP -      -    02/01/2007 16.55.23 44721 0 0 0 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED  0x0 0x0 Firewall - 02/01/2007 17.55.23 y.y.y.y 80 HTTP Denied Connection  x.x.x.x  External Local Host - -

Any advice is really appreciated.
Post #: 1
RE: Denied connection, who knows because of which rule? - 2.Jan.2007 1:25:41 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi DavideB,

as you can clearly see in the log, ISA has detected packets on an interface which shouldn't follow that path. Therefore, the anti-spoofing feature in ISA will drop those packets.

So, check out your general network setup, network definitions and rules on ISA.

HTH,
Stefaan

(in reply to DavideB)
Post #: 2
RE: Denied connection, who knows because of which rule? - 3.Jan.2007 4:09:36 AM   
DavideB

 

Posts: 13
Joined: 8.Oct.2001
From: Italy
Status: offline
I found no evident problem (to me) with the network config/rules. This time I restarted the firewall service after connecting the cord to the adapter, and the errors are completely different.
I have another ISA 2004 server, connected to another line, that I use to access the internet, including the public sites I publish. These sites are currently published by another ISA 2000 server and I'm trying to move its role to a new ISA 2006 server.

Here is what happens when I try to access a published site from the internet.
213.255.65.36    PROXY01 -  TCP -      -    03/01/2007 8.26.03 14351 0 0 0 0x0 ERROR_SUCCESS  0x0 0x0 Firewall - 03/01/2007 9.26.03 81.118.250.170 80 HTTP Initiated Connection  213.255.65.36  External Local Host - -

From this entry I understand the incoming request is evaluated. This is the subsequent error.

0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM; .NET CLR 3.0.04506.30) Yes Reverse Proxy PROXY01 http://sharepoint/MySite/default.aspx www.history-online.com TCP  Internet - -  - Req ID: 0c70608e; Compression: client=No, server=No, compress rate=0% decompress rate=0% - - - 03/01/2007 8.26.23 0 63050 2155 917  10060  0x10 0x40 Web Proxy Filter  03/01/2007 9.26.23 10.10.10.32 80 http Failed Connection Attempt www.history-online.com 213.255.65.36 anonymous External  GET http://www.history-online.com/DDay/

This trace entry contains the address of the page (http://sharepoint/MySite/default.aspx) from which I followed the link to the external resource (www.history-online.com). Is it expected to appear in the trace?

10.10.10.32 port 80 is the correct address of the resource I would like to publish and I'm able to access it from the ISA server.

Any advice?

(in reply to spouseele)
Post #: 3
RE: Denied connection, who knows because of which rule? - 3.Jan.2007 3:51:25 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi DavideB,

in the log entry I see
03/01/2007 8.26.23 0 63050 2155 917  10060  0x10 0x40 Web Proxy Filter .

The code '10060' looks very much like a Winsock error code and means Connection timed out. If that's true, then check out the path of the default gateway on the published server (or on your internal network), or make sure your inbound connection appears to come from the ISA server in the publishing rule.

HTH,
Stefaan

(in reply to DavideB)
Post #: 4
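
An added example (not part of the original posts, and not ISA tooling): a small Python triage helper that pulls the result code out of the two log layouts quoted in this thread and attaches the advice given in the replies. The regexes assume the field order seen in those quoted lines; the name `triage`, the hint tables and the shortened sample lines are this example's own.

```python
import re

# Hints paraphrase the replies in this thread; tables are illustrative, not exhaustive.
FIREWALL_HINTS = {
    "ERROR_SUCCESS": "no error",
    "FWX_E_FWE_SPOOFING_PACKET_DROPPED":
        "anti-spoofing drop: check network setup, ISA network definitions and rules",
}
WINSOCK_HINTS = {
    10060: "connection timed out: check the published server's default gateway, "
           "or make requests appear to come from the ISA server",
}
UNMAPPED = "result code not covered by this example"

# Firewall log: <hresult> <symbolic name> <flags> <flags> Firewall
FW_RE = re.compile(
    r"(0x[0-9a-fA-F]+)\s+([A-Z][A-Z0-9_]+)\s+0x[0-9a-fA-F]+\s+0x[0-9a-fA-F]+\s+Firewall\b")
# Web proxy log: <decimal result code> <flags> <flags> Web Proxy Filter
WP_RE = re.compile(r"\s(\d+)\s+0x[0-9a-fA-F]+\s+0x[0-9a-fA-F]+\s+Web Proxy Filter\b")
ACTION_RE = re.compile(
    r"\b(Denied Connection|Failed Connection Attempt|Initiated Connection)\b")

def triage(line):
    """Return a dict describing one log line, or None if the layout is unknown."""
    act = ACTION_RE.search(line)
    action = act.group(1) if act else None
    fw = FW_RE.search(line)
    if fw:
        name = fw.group(2)
        return {"log": "firewall", "code": int(fw.group(1), 16), "name": name,
                "action": action, "hint": FIREWALL_HINTS.get(name, UNMAPPED)}
    wp = WP_RE.search(line)
    if wp:
        code = int(wp.group(1))
        return {"log": "webproxy", "code": code, "name": None,
                "action": action, "hint": WINSOCK_HINTS.get(code, UNMAPPED)}
    return None

# Sample lines shortened from the log entries quoted in the posts above.
SAMPLES = [
    "x.x.x.x PROXY01 - TCP - - 02/01/2007 16.55.23 44721 0 0 0 0xc0040014 "
    "FWX_E_FWE_SPOOFING_PACKET_DROPPED  0x0 0x0 Firewall - 02/01/2007 17.55.23 "
    "y.y.y.y 80 HTTP Denied Connection  x.x.x.x  External Local Host - -",
    "03/01/2007 8.26.23 0 63050 2155 917  10060  0x10 0x40 Web Proxy Filter  "
    "03/01/2007 9.26.23 10.10.10.32 80 http Failed Connection Attempt",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = triage(s)
        print(r["log"], r["action"], hex(r["code"]) if r["name"] else r["code"], "->", r["hint"])
```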
RE: Denied connection, who knows because of which rule? - 4.Jan.2007 2:56:57 AM   
DavideB

 

Posts: 13
Joined: 8.Oct.2001
From: Italy
Status: offline
Your help has been really precious; it was a problem related to the gateway configured in the internal server I intended to publish.

Thanks once more,
Davide

(in reply to spouseele)
Post #: 5
RE: Denied connection, who knows because of which rule? - 4.Jan.2007 2:27:25 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Davide,

good to hear your problem is solved and thanks for the follow up!

HTH,
Stefaan

(in reply to DavideB)
Post #: 6
