RE: Client can't tracert public address

From: John [MSFT] (jhawkins_at_online.microsoft.com)
Date: 07/26/04


Date: Mon, 26 Jul 2004 22:15:14 GMT

OK so something is not configured right. Tell me if this works or not. If
you stop the Microsoft ISA Server Control Service (which stops all ISA
Services) and then do this tracert from the ISA Server itself, does it work?
If not, then you do not have an ISA issue; something on the external side of
ISA has a problem with tracert traffic.

If it does not work, then turn the service back on and go to the following
site:

www.isatools.org

Download the ISAinfo.exe and run it on your ISA Server. Please send the
attached file back to me directly. Just remove the "online" out of my email
address you see.

Thank you,

John Hawkins
Security Support
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "ricky chan" <chan-r@marubeni.com>
>Subject: RE: Client can't tracert public address
>Date: Fri, 23 Jul 2004 15:32:15 -0400
>Lines: 52
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
>Message-ID: <e#0jIvOcEHA.1356@TK2MSFTNGP09.phx.gbl>
>Newsgroups: microsoft.public.isa.configuration
>NNTP-Posting-Host: pool-162-83-213-210.ny5030.east.verizon.net 162.83.213.210
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.isa.configuration:7655
>X-Tomcat-NG: microsoft.public.isa.configuration
>
>Hi John,
>
>Thanks for your reply. However, when I tried tracert cnn.com, yahoo.com
>.....etc. They all have the same response as hotmail.com...
>
>
>C:\Documents and Settings\Administrator>tracert www.yahoo.com
>
>Tracing route to www.yahoo.com [216.109.127.28]
>over a maximum of 30 hops:
>
> 1 <1 ms <1 ms <1 ms x.x.x.x <------This will be default gateway of external nic.
> 2 * * * Request timed out.
> 3 * * * Request timed out.
> 4 * * * Request timed out.
>
>When I tried to ping yahoo.com, cnn.com...etc. I got "Request timed out."..
>
>
>What's wrong? I didn't touch any of the default packet filters that were created in
>my ISA server, except to disable the "ICMP ping response (in)" filter.
>
>I only created one packet filter for DNS, according to
>http://www.isaserver.org/articles/snatdns.html.
>
>IP protocol: TCP
>
>Direction: Outbound
>
>Local Port: All ports
>
>Remote port: Fixed port 53
>
>
>
>This packet is going to be used to support the use of TCP port 53 for DNS
>queries.
>
>
>
>I also configured this ISA server as a web proxy; it's working fine.
>
>
>
>Please let me know.
>
>
>Thanks
>Ricky
>
>
>


