Re: Gateway Time out Issue Single NIC Web Proxy Config

PHILLIP, you are correct!

I believe what is happening is the UPSTREAM firewall is receiving traffic
from ISA on PORT 80.

The upstream firewall only accepts traffic on port 8080.

Very similar to ISA..In the section of WEB PROXY listener guys like US
configure it to be port 8080...

IS there anyway that you know of to get ISA to change destination port to
accomodate upstream firewall?

I am not in control of upstream firewall.

Does this make sense?


I found this out by looking at log :
Web Proxy Filter 7/24/2007 8:58:23
AM 192.168.133.162 66.48.41.22 80 http Failed Connection
Attempt KYLE Internal united\kblake Internal GET http://www.pointstreak.com/players/players-team.html?teamid=73120






"Phillip Windell" wrote:

"Kyle Blake" <KyleBlake@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66FBF7FA-B182-4950-B41B-D06ABF3F2221@xxxxxxxxxxxxxxxx
If one thinks about it the client uses I.E. to come to ISA.

Correct

Isa then goes ok, dns lookup, done...then checks the rules for an allowed
rule and if met then what ???

Traffic is allowed and it passes to the Default Gateway of the ISA.

How does it know to go to another IP permiter firewall from there!?

It doesn't need to be another perimeter Firewall.

If the default gateway for the subnet I am on is not the internet feed nor
the gateway to get to the permiter firewall then what the heck!!!!!

It is up to whatever is the Default Gateway of the ISA to be smart enough to
know what to do with the traffic from that point. There could be 10, 50, a
100 LAN Routers between ISA and the "perimeter" device,...it doesn't
matter,..but those 10, 50, or 100 routers need to know what to do with the
traffic.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------



.

Relevant Pages

  • Re: Gateway Time out Issue Single NIC Web Proxy Config
    ... The upstream firewall only accepts traffic on port 8080. ... ISA in such a case would have to be configured to use and upstream proxy ... Microsoft ISA Server Partners: Partner Hardware Solutions ...
    (microsoft.public.isa.configuration)
  • Re: Gateway Time out Issue Single NIC Web Proxy Config
    ... The upstream firewall is a firewall (no proxy) Checkpoint Guardian. ... If I shut down ISA server services, go to I.E. and enter upstream firewall ... So since ISA is proxying the request and not NATing it. ...
    (microsoft.public.isa.configuration)
  • Re: sys/1386/i386/mptable.c rev 1.239 breaks boot.
    ... >> If a valid ELCR was found, consult it for the trigger mode of ISA ... ioapic0: intpin 1 bus ISA ... xl0: using port I/O ...
    (freebsd-current)
  • RE: SBS 2003, ISA 2004
    ... ISA and IIS try listening on these two ports. ... by default the Web Proxy is listening on port 8080 ... of the local network adapter. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Sound card on a Thinkpad 600E
    ... Here is a copy of my KERNEL file It has the sound driver I found on google ... device ata0 at isa? ... port IO_WD1 irq 14 ... pseudo-device splash ...
    (comp.unix.bsd.freebsd.misc)
Loading