Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: pcanywhere and terminal services - in but not out?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: pcanywhere and terminal services - in but not out? - 31.Oct.2003 9:23:00 PM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
I checked the Firewall log for either the IP of the Firewall machine trying to make the connection or the port 5631 or 5632 and there aren't any logs of either. I know that the firewall log is working for other requests such as terminal services because I've posted the result on here already.
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 31.Oct.2003 10:44:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Asuh,
it's weird you don't find any related entries in the Firewall log! That would mean the client doesn't even try to connect. So, maybe PCAnywhere can't resolve the name of the destination. Can you connect by IP address instead?
If that isn't working either, try the following commands on the client:
- telnet destination 5631
- telnet destination 5632
If that are the TCP ports the remote PCA host is listening on, the connections should succeed and you should find evidence in the Firewall log.
HTH,
Stefaan
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 6.Nov.2003 4:46:00 PM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
Hi Stefaan,
To update you, I finally had the chance to try out the telnet through the PCA ports 5631 and 5632. I was again unsuccessful in reaching the remote computer with telnet. Everytime I tried to open the connection, it returned with cannot establish connection.
I have forwarded the port numbers to the ISA on the router which is in front of the ISA. I have also applied all the rules for the PCA out on the ISA server. Again, we can get into the LAN but not to the remote computer.
After telneting and once again trying to connect to PCA on remote computer, I checked the firewall log for any trace of port 5631 or 5632 and there was not any sign that those ports had been used by either PCA or telnet.
[ November 06, 2003, 05:29 PM: Message edited by: asuh ]
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 6.Nov.2003 9:14:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Asuh,
OK, then we have to investigate further why you don't see any attempt in the Firewall log. Can you take a Netmon Trace at the client PC? I suggest you use Ethereal for that. Check out http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=14;t=000062 for more info.
Once you have that trace, post the URL where I can download the trace and I will take a look at it. Just make sure no other applications are running on the PC's in order to minimize the volume of data captured.
HTH,
Stefaan
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 10.Nov.2003 8:00:00 PM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
Hello Stefaan,
I have uploaded a network trace file to a website for you to view. The link is here.
[ November 10, 2003, 10:28 PM: Message edited by: asuh ]
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 10.Nov.2003 8:56:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Asuh,
what did I learn from the trace?
The client sends an UDP message to UDP port 5632 (frame 2) and then tries 3 times a TCP connection request to TCP port 5631 (frames 4 - 6). In all cases the destination is '66.136.20.212' and *no* response is received. All those requests are sent *to* the MAC address '00:E0:29:6F:29:OB' which should be the MAC address of your ISA internal interface.
Because I see the real destination in the trace, the requests are sent from a SecureNAT client. That means you will only see an entry for those requests in the Firewall log if you have created the proper protocol definitions.
So, did you create the following protocol definitions?:
- PC-Anywhere-1 : TCP port 5631 Outbound
- PC-Anywhere-2 : UDP port 5631 Send/Receive
- PC-Anywhere-3 : TCP port 5632 Outbound
- PC-Anywhere-4 : UDP port 5632 Send/Receive
HTH,
Stefaan
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 10.Nov.2003 10:44:00 PM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
Yes, the protocol definitions are created. Here's a screen shot for proof.
www.asuh.com/networktrace/desktop.jpg
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 10.Nov.2003 11:18:00 PM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
Either I'm blind or I created the correct definition. How are you saying that the open definition that's showing is incorrect? Just take a look at http://www.isaserver.org/tutorials/Publishing_a_host_using_PCAnywhere_behind_ISA.html! I am 100% positive that it is correct.
Right?
[ November 10, 2003, 11:21 PM: Message edited by: asuh ]
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 10.Nov.2003 11:27:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Asuh,
may I qoute from your first post? ![[Big Grin]](/image/smiles/biggrin.gif) quote:
After the setup, the remote users are easily able to log into the hosts of PCA and TS. However, trying to use PCA to connect to the remote host generates a connection error. TS Server has the same trouble with the error:
So, you have a problem with OUTBOUND access! What is the difference between publishing and outbound access? Right, the direction. So, if you have to support inbound (publishing) and outbound access, then you have two create TWO protocol sets, each with a different direction. By convention, Microsoft places the word 'Server' in the protocol definition names for inbound access (publishing).
HTH,
Stefaan
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 10.Nov.2003 11:40:00 PM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
Okay, I really don't mean to sound like a smart-@$$, but I just want to verify.
If I have followed what the PCAnywhere article said, I should have the correct setup for in and outbound access right? Well, as I have triple checked my settings, I don't see that I have made any deviation from what the PCAnywhere article describes. Yet, you said that my graphic shows an error in that the UDP definition should be Send-Receive and yet the PCAnywhere article says it should be Recieve-Send. So, should I go ahead and create another protocol definition that allows Send-Receive like you said, even though it's not stated in the PCAnywhere article? I'm just trying to verify what I'm doing.
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 10.Nov.2003 11:54:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Asuh,
the PcAnywhere article is all about *publishing* an internal PcAnywhere host. That is *inbound* access and therefore the direction should be inbound for TCP and receive/send for UDP. So, this is 100% correct for the publishing scenario.
Now, you want also that an internal host can connect to an external PcAnywhere destination. So, that is *outbound* access and therefore the direction should be outbound for TCP and send/receive for UDP. So, this is 100% correct for the outbound access scenario.
Because you want to support BOTH scenario's, you have to create TWO protocol definition sets:
1) for the publishing scenario:
- PC-Anywhere-1 Server: 5631 - TCP - Inbound
- PC-Anywhere-2 Server: 5631 - UDP - Receive/Send
- PC-Anywhere-3 Server: 5632 - TCP- Inbound
- PC-Anywhere-4 Server: 5632 - UDP - Receive/Send
2) for the outbound access scenario:
- PC-Anywhere-1 : TCP port 5631 Outbound
- PC-Anywhere-2 : UDP port 5631 Send/Receive
- PC-Anywhere-3 : TCP port 5632 Outbound
- PC-Anywhere-4 : UDP port 5632 Send/Receive
Hope this make it more clear!
HTH,
Stefaan
[ November 10, 2003, 11:55 PM: Message edited by: spouseele ]
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 11.Nov.2003 12:00:00 AM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
...Well, if I knew to read correctly, I might have actually figured it out on my own. But, thus, that's why I was so confused and had to ask you all these questions!
I think that worked and thank you for your help once again! I seriously need some vacation time. You are very kind to be offering all these people help.
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 11.Nov.2003 11:43:00 PM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
Well, I can only speak for myself when I say this. It's not that I don't understand what I'm reading, it's that my mind sees the situation, knows the answer, and can't think outside the box. I read that article, printed it out and referenced back to it at least a billion times going over and over just to verify that I setup everything correctly. I know it's not hidden or anything, but my problem just wasn't obvious to me.
Hopefully others will find this useful as I have. And again I appreciate your support.
|
|
|
|
|
RE: pcanywhere and terminal services - in but not out? - 12.Nov.2003 12:19:00 AM
|
|
|
asuh
Posts: 69
Joined: 2.Jul.2001
From: Houston, Texas
Status: offline
|
Oh my gosh, you're right. Now I'm embarrased!
You know, I remember when you posted that and I was thinking to myself that you were just stating the obvious. I had been reading that PCAnywhere article and although I clearly saw what you typed, I didn't pay attention to the detail because my mind only saw that article. It was a mental mistake.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Wink]](/image/smiles/wink.gif)
![[Smile]](/image/smiles/smile.gif)
![[Cool]](/image/smiles/cool.gif)
