Lono9885 -> ISA Server denies all connections from internal to localhost (16.Feb.2011 7:38:22 AM)

Hi Guys,

Wonder if you can help. A little history.

Our internal network sits behind a Cisco ASA firewall; on the other side of one of the interfaces is our DMZ. On the DMZ sits our ISA server with a backup internet connection. Users can surf via this backup connection using the proxy address and port 8080 in their browsers. (The other firewall interface has our WAN/Internet connection.)

This all works fine, but the ISA server only sees the address of the firewall making all outbound connections. What we want is a situation where the ISA can see the source addresses of machines within the network making the initial request. So we spoke to the firewall management, who implemented a rule on the firewall for NAT exemption. Therefore source addresses were presented to the ISA server directly across the firewall.

However, as soon as this is implemented, no one can go surfing and the ISA server seems to block all attempted connections!!

The log shows the destination IP as the ISA server's IP, the port as 8080, the protocol as 'Unidentified IP Traffic', the action as 'Denied Connection' and the source address, which in this instance is my PC's IP address. Destination Network is Local Host and Source Network is Internal.

I've tried everything in my power to get this working and can't fathom out what is happening. I've even tried removing all the rules bar the explicit outbound and the default deny-all. It still doesn't work.

Any ideas what could be causing this, please? It's so frustrating.

Incidentally, whilst none of the internal network clients can go out, the ISA server is surfing happily. It can't be the firewall policy, surely, because when there is NO NAT exemption rule the firewall's IP can happily access the ISA server and go out the door.
