I have an ISA 2004 with two NICs, one connected to an internal LAN (192.168.0.0/24) and the other connected to a broadband router (I unchecked the TCP/IP binding from the interface because I use a PPPoE dial-up account with it).
I have the following web publishing rule:
Action: Allow (of course :-)
From: Anywhere
To: my internal web server, "forward the original host header" enabled and "requests appear to come from the ISA Server Computer"
Traffic: HTTP
Listener: Networks - External; Port HTTP 80; Auth Basic (it's a public test page)
Public Name: the FQDN address I use with Dynamic DNS
So it is a pretty "vanilla" publishing rule. What is strange is that it was working when I first set it up. But now, when I try to hit my web page from the Internet, it simply times out after a while. Checking ISA's Logging tab under Monitoring reveals the following match for each of my access attempts:
Denied Connection
Log Type: Firewall Service
Status: The policy rules do not allow the user request
Rule: Default Rule
Source: External (my source IP on the Internet:random port)
Destination: External (ISA's PPPoE address:80)
Protocol: HTTP
Hovering my mouse over the Status line displays error code "0xc004000d FWX_E_POLICY_RULES_DENIED"
I am wondering what might be causing ISA to not understand that the traffic is intended to be handled by the publishing rule, and fall under the "catch all" default deny rule.
Note: I do have this FQDN host inside my ISA's HOSTS file, pointing to the same web server, because I am also using an OWA publishing rule; it is failing the same way, so I figured it would be better to start troubleshooting with the simplest rule.
Who would have guessed it? (I should have! :-) ) Rebooting the ISA machine solved the problem. Just wondering what went wrong along the way.
Regards!