|
jutler -> Can view Some Website but not others (17.Jun.2008 7:02:16 AM)
|
Hello,
I am relatively new to ISA servers and I am having issues. First a bit on our setup:
We currently have 2 sets of CISCO ASA security devices. One facing our external connection and one facing our internal network. Between these two firewalls sits our DMZ. In the DMZ we are planning to deploy about 10 servers, most of which are web servers. We have also within the DMZ installed our ISA server.
Web request go through the internal Cisco ASA to the ISA server in the DMZ which then goes out through the external ASA. All traffic from the LAN is allowed through to the DMZ. This seems to be working as there are some sites which I can get to without any problems. However there are some website which the ISA server just denies.
For example, with the ISA server as my proxy, I can browse www.cisco.com fine. The website loads and I can click on links etc. However, if I try to browse to either www.google.co.uk or www.microsoft.com, I get a MSN live search window with the website listed in the search results. However when I click the link, the ISA server denies the request.
When I go to monitoring on the ISA server and click on the logging tab, I can see that my PC's IP address is the source and the internal interface of the ISA (one connected to the internal ASA) is listed in red with port 8080, protocol HTTP and the action as denied connection (there are some of these even when browsing to websites which are successful). The client username is mostly anonymous against the denied requests but there are a few with my username listed. If the websites are allowed through, the events are marked in green with my domain\username besides them all but any part of the websites which is denied have anonymous listed against it.
I have deleted and recreated policy rules but I keep getting this error. I have been working on it for about 2 days now with no progress. Any help in this would be most appreciated.
Thanks
|
|
|
|