• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Can't Reach Internet Server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Can't Reach Internet Server Page: [1]
Login
Message << Older Topic   Newer Topic >>
Can't Reach Internet Server - 13.Jun.2003 4:56:00 AM   
mpomar

 

Posts: 1
Joined: 13.Jun.2003
Status: offline
We use a commerce module that uses TCP to process information on a server securely over the Internet. According to the company that provides the module we need port 1139 open on our firewall (ISA).

We created an outbound Protocol Definition for this port with an inbound secondary connection using the same port. We then created a Protocol Rule to allow access from a secure NAT test workstation where this component is being tested.

The component provider said that if the network is configured properly, we should be able to telnet to their server. However, we are unable to telnet to the server. The component must be able to communicate both ways (inbound and outbound) and I believe we have it configured to do so.

What could we be missing? I understand ISA does not immediately pickup rule changes. How long should I need to wait?

Any suggestions would be greatly appreciated.

Thanks,
- Matt
Post #: 1
RE: Can't Reach Internet Server - 13.Jun.2003 8:54:00 PM   
BaanMan

 

Posts: 20
Joined: 15.Apr.2002
From: Germany
Status: offline
Hello Matt

Have you allowed TELNET to the Test Workstation ??

Greetings B@@nM@n

(in reply to mpomar)
Post #: 2
RE: Can't Reach Internet Server - 13.Jun.2003 9:10:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Matt,

check out http://www.tacteam.net/openport.htm [Razz]

Most of the time when a vendor say you have to open port 1139, he should say: allow the protocol TCP port 1139 outbound. So, make a protocol definition with the parameters TCP port 1139 outbound (no secondary connections) and allow it in a protocol rule. Also, make sure there is a site&content rule in place to allow access to that site. To make the change immediately active, bounce the firewall service.
Test it with the command 'telnet IP_destination 1139'.

If something isn't working as expected, you should consult the ISA logfiles. They are your primary resource for debugging. To get the most information out of the logfiles, I strongly recommend to enable the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.

A lot of people seem to have problems with interpreting the logfiles. It isn't that difficult, but you should first understand what is logged. In the ISA helpfile there is a section called Firewall and Web Proxy log fields, a must read. Additional information can be found in the article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q284818 .

HTH,
Stefaan

(in reply to mpomar)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Can't Reach Internet Server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts