secure NAT client refuses connection

secure NAT client refuses connection - 14.Mar.2006 12:51:55 PM   
Kleinjo

 

Hello,

I have a strange problem I can't find a solution for.

The system is an ISA Server 2000 with Service Pack 2 installed,
running on an SBS 2000 Server with Service Pack 4 installed.

The ISA Server is installed in integrated mode and equipped with two
ethernet network adapters.
The external ethernet adapter is directly connected to a DSL modem and has
the PPPoE protocol bound. The IP address is assigned dynamically by the ISP.

Problem:

I've created a POP3 packet filter of the following form:

Protocol:              TCP
Direction:             Outgoing
Local Port:            Dynamic
Remote Port:         110
Local computers:    All external ISA interfaces
Remote computers: All Remote computers

If I'm using telnet to connect to a POP3 server on the internet from the ISA Server
itself, everything works fine, but when I'm trying to do this from a secure NAT
client, the connection is established and immediately afterwards disconnected.
I've followed this process using ethereal and found the following packet exchange
taking place.

No.     Time        Source                Destination           Protocol Info
1       0.000000    192.168.85.21         213.165.64.22         TCP      1243 > pop3 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
2       0.000235    213.165.64.22         192.168.85.21         TCP      pop3 > 1243 [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460
3       0.000366    192.168.85.21         213.165.64.22         TCP      1243 > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0
4       0.000831    213.165.64.22         192.168.85.21         TCP      pop3 > 1243 [FIN, ACK] Seq=1 Ack=1 Win=17520 Len=0
5       0.000930    192.168.85.21         213.165.64.22         TCP      1243 > pop3 [ACK] Seq=1 Ack=2 Win=65535 Len=0

If I'm configuring the secure NAT client as Firewall Client with a POP3 protocol rule
activated on the server, everything works fine.

Next I've disabled the Firewall client, turning it back into a secure NAT client, and
disabled the POP3 protocol rule and the POP3 packet filter at the ISA Server.

When I tried using telnet from the ISA Server, to connect to a POP3 Server
on the internet, the connection has been blocked by the packet filters.
I could verify this by looking into the packet filter logs.
When I tried to do the same procedure from the secure NAT client, the same packet exchange
as mentioned above took place. (The POP3 packet filter is still disabled).

Why am I unable to connect to a POP3 server on the internet as a secure NAT client?
Why is the secure NAT client able to do the TCP handshake if there's no POP3 packet filter
defined?

Any help would be appreciated.

greetings,
Johannes
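
Added example, not part of the original post: a small Python parser for the Ethereal summary lines quoted above that reports whether the handshake completed, how long the SYN/ACK took, which side closed first, and how much payload was exchanged. The 1 ms threshold for flagging a reply as locally generated is an assumption, as are the function and constant names.

```python
import re

# Ethereal summary lines copied from the post above.
TRACE = """\
1       0.000000    192.168.85.21         213.165.64.22         TCP      1243 > pop3 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
2       0.000235    213.165.64.22         192.168.85.21         TCP      pop3 > 1243 [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460
3       0.000366    192.168.85.21         213.165.64.22         TCP      1243 > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0
4       0.000831    213.165.64.22         192.168.85.21         TCP      pop3 > 1243 [FIN, ACK] Seq=1 Ack=1 Win=17520 Len=0
5       0.000930    192.168.85.21         213.165.64.22         TCP      1243 > pop3 [ACK] Seq=1 Ack=2 Win=65535 Len=0
"""

# Assumption (not from the post): a SYN/ACK seen less than 1 ms after the SYN
# did not cross a DSL link, so a device on the local path generated it.
LOCAL_REPLY_THRESHOLD = 0.001

LINE = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+TCP\s+"
                  r"\S+ > \S+ \[([^\]]+)\].*?Len=(\d+)")

def parse(trace):
    """Turn summary lines into dicts; lines that do not match are skipped."""
    packets = []
    for line in trace.splitlines():
        m = LINE.match(line)
        if m:
            no, t, src, dst, flags, length = m.groups()
            packets.append({"no": int(no), "time": float(t), "src": src, "dst": dst,
                            "flags": {f.strip() for f in flags.split(",")},
                            "len": int(length)})
    return packets

def summarize(packets):
    """Report handshake state, SYN/ACK delay and which side closed first."""
    syn = next((p for p in packets if p["flags"] == {"SYN"}), None)
    if syn is None:
        return None  # capture does not contain the start of the connection
    synack = next((p for p in packets if p["flags"] == {"SYN", "ACK"}
                   and p["src"] == syn["dst"]), None)
    ack = synack and next((p for p in packets if p["no"] > synack["no"]
                           and p["flags"] == {"ACK"} and p["src"] == syn["src"]), None)
    closer = next((p for p in packets if p["flags"] & {"FIN", "RST"}), None)
    delay = synack["time"] - syn["time"] if synack else None
    return {"handshake_complete": bool(ack),
            "synack_delay": delay,
            "reply_looks_local": delay is not None and delay < LOCAL_REPLY_THRESHOLD,
            "first_close_from": closer["src"] if closer else None,
            "payload_bytes": sum(p["len"] for p in packets)}

if __name__ == "__main__":
    print(summarize(parse(TRACE)))
```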