Re: still waiting for the book to fix this

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 11/18/04

  • Next message: Chad Wickenheiser: "Re: ISA 2004 FW clients" 
    Date: Wed, 17 Nov 2004 19:58:03 -0800

    Unfortunately, that information isn't complete enough to understand all that ISA uses to make these decisions.
    Can you provide your ISAInfo?
    http://isatools.org/isainfo.org/isainfo/isainfo.zip

    You can send it to jim@isatools.org if you don't want to post it. 

    -- 
 Jim Harrison [ISASE]
 Read the help, books and articles!
 This posting is provided "AS IS" with no warranties, and confers no rights.
"menard" <menard@stanleyaviation.not> wrote in message news:ORAYwGBxEHA.1296@TK2MSFTNGP10.phx.gbl...
here is the xml export of the rule i'm trying to get to work.
hope this helps.
mike
"Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message
news:urvEhX2wEHA.2600@TK2MSFTNGP09.phx.gbl...
> Without a detailed list of your existing rules, it's impossible to say why
> ISA chooses to drop that traffic.
> It's clear that ISA considers the traffic to fall outside of the defined
> rules, though.
>
> -- 
> Jim Harrison [ISASE]
> Read the help, books and articles!
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> "menard" <menard@stanleyaviation.not> wrote in message
> news:Oya8tpuwEHA.4004@tk2msftngp13.phx.gbl...
> i have 2 satalites who connect to our 'home'.
> home is isa 2000,
> one satalite is isa 2000
> the new 'test' satalite is isa 2004
> the difference is that the test site, can't do telnet port 23 to the
> legacy
> server.
> the other isa 2000 satalite can do telnet on port 23 with no problem
>
> the isa 2004 has log items that say :
>
>      log time destination ip  dest port protocol action rule client ip
> client user source net dest net
>      <date> 172.30.32.51 23 telnet denied connectoin default rule
> 172.31.31.8 denver\administrator   internal <demand dial interface
>
>
> i've put the 'telnet' protocal in a couple of the rules i've set up, but
> the
> system seems hard wired to deny telnet
> this is a show stopper for our updating to isa 2004
>
> is the answer in the book whcich i won't get till december?
>
> mike
>
>
>
  • Next message: Chad Wickenheiser: "Re: ISA 2004 FW clients"

    Relevant Pages

    • Re: Unable to Establish Telnet Connection on Ports 22 or 23
      ... 23 port of external server behind ISA. ... I recommend you to use the CEICW wizard to configure the SBS server ... Disable the ISA firewall client on client. ... Can you telnet 22 or 23 from SBS? ...
      (microsoft.public.windows.server.sbs)
    • Re: big problem with email
      ... I would then telnet ... to see if ISA is causing problems. ... cable from my laptop to the server external nic and test. ... If you try telnet without a space after the IP address and then a port ...
      (microsoft.public.windows.server.sbs)
    • Re: big problem with email
      ... I would then telnet ... to see if ISA is causing problems. ... cable from my laptop to the server external nic and test. ... If you try telnet without a space after the IP address and then a port ...
      (microsoft.public.windows.server.sbs)
    • RE: Telnet port 25
      ... I understand that you can not telnet 25 port ... to your ISA external NIC. ... Ensure the Exchange server is listening on external IP: ... try to telnet 25 ISA server's external IP. ...
      (microsoft.public.windows.server.sbs)
    • Re: big problem with email
      ... I would then telnet ... to see if ISA is causing problems. ... cable from my laptop to the server external nic and test. ... If you try telnet without a space after the IP address and then a port number, it will try port 23, which is the 'well-known' port for the telnet server. ...
      (microsoft.public.windows.server.sbs)
    Loading