inderjeet -> RE: Microsoft & Trend sites are not working (29.Apr.2009 10:26:29 AM)
There are a lot of issues with your ISA configuration. Moreover, I believe there was a delay in starting the Netmon on the client machine and the ISABPA on the ISA vs test which you did on client. Client requested http://trendmicro.com at 10:29AM but I see no logs hitting ISA at that time in logs. The ISA logs start from 10:34AM. Anyways,
1. You have two NICs in ISA but I can see that you have configured a DMZ IP range of 192.168.x.x network and you have allowed everything from Internal/localhost to DMZ. I am not sure how ISA is going to do that. You need an additional NIC connected to the DMZ network.
2. <fpc4:Description dt:dt="string">A network adapter is configured with several IP addresses which belong to several networks. This is not a valid configuration.</fpc4:Description> tells that you have added IPs on your NIC with different networks. AFAIK, it's not supported.
3. Looking at the following trace, it shows that the client 172.21.3.200 is making a GET request to ISA; that was in frame number 664. In the very next frame I see that ISA replied back with a response saying Bad Gateway. I am not sure why ISA did that because I don't have traces on ISA for that time due to the late start of logs.
Ipv4: Src = 172.21.3.200, Dest = 172.21.0.6
Http: Request, GET http://trendmicro.com/
Ipv4: Src = 172.21.0.6, Dest = 172.21.3.200
Http: Response, HTTP/1.1, Status Code = 502, URL: http://trendmicro.com/
StatusCode: 502, Bad gateway
4. I couldn't understand the relevance of your VPN access rule which is allowing so many protocols and that too from Internal/Localhost to Anywhere.
5. I also found the below alerts for 5-6 machines. This alert is generated when a machine tries to send too many TCP connections in 1 minute. By default it is 600. That means all those machines have tried to send either 600 or more than 600 TCP connections through or on ISA. ISA blocks the traffic from those machines for a specific amount of time. This could potentially be because of viruses. You need to check your machines against viruses and trojans.
" The number of TCP connections per minute from the source IP address 172.21.3.200 exceeded the configured limit. ISA Server will not allow the creation of new TCP connections from this source IP address during a system-defined time period. By default; this time period is 1 min "
Overall, what I can say at this time is that it could very well be a network issue or a configuration issue. Get in touch with Microsoft to get your ISA configured properly.
If you are a Gold partner then check the link in my signature below to see how you may get support from our team in Microsoft.
****** Check Next Entry As well ****
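The per-minute connection check described in point 5, as an added example that is not part of the original post or of ISA Server itself. It counts connections per source IP per calendar minute and reports sources at or above the 600 default the post quotes, together with the number of distinct destinations as a triage hint. The log line format, the destination addresses and the function names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

DEFAULT_LIMIT = 600  # per-minute default quoted in the post

def parse_line(line):
    """Parse 'YYYY-MM-DD HH:MM:SS src dst port' (constructed format, not ISA's own)."""
    date, time, src, dst, port = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, src, dst, int(port)

def flood_sources(lines, limit=DEFAULT_LIMIT):
    """Return {src: [(minute, connections, distinct_destinations), ...]} for each
    source that opened `limit` or more connections within one calendar minute."""
    per_minute = Counter()
    dests = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        ts, src, dst, port = parse_line(line)
        key = (src, ts.replace(second=0))
        per_minute[key] += 1
        dests.setdefault(key, set()).add((dst, port))
    hits = {}
    for (src, minute), count in sorted(per_minute.items()):
        if count >= limit:  # the post reads the alert as "600 or more"
            hits.setdefault(src, []).append((minute, count, len(dests[(src, minute)])))
    return hits

def build_sample():
    """Constructed sample data; none of these lines come from the thread's logs."""
    lines = ["# constructed sample"]
    # One client opening 650 connections to 250 different hosts in a minute.
    for i in range(650):
        lines.append(f"2009-04-29 10:34:{i % 60:02d} 172.21.3.200 198.51.100.{i % 250 + 1} 80")
    # The same client one minute later, just under the limit.
    for i in range(599):
        lines.append(f"2009-04-29 10:35:{i % 60:02d} 172.21.3.200 198.51.100.{i % 250 + 1} 80")
    # A normally behaving client talking only to the proxy.
    for i in range(40):
        lines.append(f"2009-04-29 10:34:{i:02d} 172.21.3.15 172.21.0.6 8080")
    return lines

if __name__ == "__main__":
    for src, minutes in flood_sources(build_sample()).items():
        for minute, count, ndest in minutes:
            print(f"{src} {minute:%H:%M} connections={count} distinct_destinations={ndest}")
```

A source that crosses the limit while fanning out to many distinct destinations is a stronger candidate for the malware check the post recommends than one that is simply busy against a single server.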