We have a web publishing rule (listening on the external NIC port 80) but it is never getting hit. When monitoring in ISA, you can see the request coming in (and to the right IP address on the external NIC and port the rule should be listening on) but it gets denied, although not by the Default Rule (it doesn't state a rule). I just can't work out why!!
Out of interest, whenever I restart the ISA firewall, I get the following (one off) entry in the event log - could it be related? Could it be a spoofing problem? Event 14147 -
ISA Server detected routes through adapter External that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.) The address ranges in conflict are: xxxxxxxxxxxxx;.
I'm not in the office currently but will check first thing.
Re. the result code - shall I post that on here or Google it? Re. the VPN. I'm a bit of an ISA novice, not sure exactly what you mean re. site to site VPN, but we do allow VPN connections into the ISA server (which incidentally doesn't seem to be working either at the moment).
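
The consistency rule stated in the Event 14147 text quoted above (a network's address range should match what the routing table sends through its adapter) can be checked offline. The following is an added example, not part of the original thread and not ISA Server's own algorithm. It is a simplified longest-prefix model, and the adapter names, routes and network ranges are constructed sample values.

```python
import ipaddress

def _span(cidr):
    n = ipaddress.ip_network(cidr)
    return int(n.network_address), int(n.broadcast_address)

def _minus(spans, cuts):
    """Closed integer intervals in `spans` with every interval in `cuts` removed."""
    for c_lo, c_hi in cuts:
        kept = []
        for lo, hi in spans:
            if c_hi < lo or c_lo > hi:
                kept.append((lo, hi))
                continue
            if lo < c_lo:
                kept.append((lo, c_lo - 1))
            if c_hi < hi:
                kept.append((c_hi + 1, hi))
        spans = kept
    return sorted(spans)

def routable_via(adapter, routes):
    """Spans whose longest-prefix route in `routes` leaves through `adapter`."""
    spans = []
    for cidr, nic in routes:
        if nic != adapter:
            continue
        net = ipaddress.ip_network(cidr)
        # More specific routes on another adapter take these addresses away.
        overrides = [_span(o) for o, o_nic in routes if o_nic != adapter
                     and ipaddress.ip_network(o).prefixlen > net.prefixlen
                     and ipaddress.ip_network(o).subnet_of(net)]
        spans += _minus([_span(cidr)], overrides)
    return spans

def conflicts(adapter, network_cidrs, routes):
    """(routable but not in the network, in the network but not routable)."""
    defined = [_span(c) for c in network_cidrs]
    routed = routable_via(adapter, routes)
    fmt = lambda spans: [f"{ipaddress.ip_address(lo)}-{ipaddress.ip_address(hi)}"
                         for lo, hi in spans]
    return fmt(_minus(routed, defined)), fmt(_minus(defined, routed))

# Constructed sample: a 10.2.0.0/16 route exists on the Internal adapter,
# but the Internal network element still lists only 10.1.0.0/16.
ROUTES = [("0.0.0.0/0", "External"), ("10.1.0.0/16", "Internal"),
          ("10.2.0.0/16", "Internal")]
INTERNAL_NETWORK = ["10.1.0.0/16"]

if __name__ == "__main__":
    print(conflicts("Internal", INTERNAL_NETWORK, ROUTES))
```

Either returned list being non-empty is the kind of mismatch the alert describes; in practice the inputs would come from `route print` output and the network definitions in the ISA management console.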