Re: Witch rule to allow firewal client to connect to isa server ?
- From: "A. Klimkin" <aklimkin at mail dot ru>
- Date: Wed, 9 Nov 2005 17:10:40 +0300
> recipient ip : 172.18.0.1 (network gateway .. my isa server)
> sender ip : 172.18.100.100 (the client ip)
> Destination port : 1745
> Protocol : unindentified
> connection : close
It does not make much sense in this situation. At least for me ;-)
I'd say that there is nothing uncommon. Protocol is 'unidentified' just
because there is no protocol description for firewall client control
channel.
You should look for any 'Denied' connections to see what protocol is really
blocked by which policy.
> -) i have a tri-home network : perimeter, internal, external
OK.
Have you configured the ISA server using ISA configuration wizard?
> -) i have 3 internal subnet (172.16, 172.17. , 172.18) .. where i could
> see
> which subnet does isa server belong to ?
What are IP addresses of each of your ISA interfaces?
What are subnet masks?
What are (if any) default gateways?
Which networks those interfaces are physically connected?
And what do you mean by "I have 3 internal subnets"? How do they connected
with each other? By hardware router? What are subnet masks on each client?
I believe your problem is slightly misunderstanded IP subnetting concept.
Just as I can see from your explanations and questions...
Regards,
Andrew
>
> "A. Klimkin" <aklimkin at mail dot ru> a écrit dans le message de news:
> eidzTrS5FHA.1464@xxxxxxxxxxxxxxxxxxxxxxx
>> What does that log records look like?
>> What is your networks configuration?
>> Which subnets does your ISA server interfaces belongs to?
>>
>> Regards,
>> Andrew
>>
>> "moi" <me@xxxxxxx> wrote in message
>> news:%23i1J0iS5FHA.1248@xxxxxxxxxxxxxxxxxxxxxxx
>>>I have enable it ...
>>> In the Log, i see that fireclient try the port 1745 with the isa server
>>> withtout success ...
>>>
>>> In the rules base, i just create a rule that allow all port from this
>>> computer to all networks but with user authentification (my isa server
>>> is
>>> a domain member) .
>>>
>>> Help...
>>>
>>> "A. Klimkin" <aklimkin at mail dot ru> a écrit dans le message de news:
>>> udkXR9R5FHA.2628@xxxxxxxxxxxxxxxxxxxxxxx
>>>> There is no special rule in policies list that allow firewall client to
>>>> communicate with ISA server.
>>>> But you have to put a flag at 'Enable Firewall client support for this
>>>> network' checkbox at particular network properties.
>>>> Without this option enabled ISA will not handle firewall client
>>>> requests
>>>> from this subnet.
>>>>
>>>> Regards,
>>>> Andrew
>>>>
>>>> "Ouba" <ouba974@xxxxxx> wrote in message
>>>> news:OYZF$LQ5FHA.2552@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hello,
>>>>> Is there a special rule to allow firewall client to connect to isa
>>>>> server ? rule with port 1745 open ?
>>>>>
>>>>> thanks a lot ...
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
>
.
- Follow-Ups:
- References:
- Witch rule to allow firewal client to connect to isa server ?
- From: Ouba
- Re: Witch rule to allow firewal client to connect to isa server ?
- From: A. Klimkin
- Re: Witch rule to allow firewal client to connect to isa server ?
- From: moi
- Re: Witch rule to allow firewal client to connect to isa server ?
- From: A. Klimkin
- Re: Witch rule to allow firewal client to connect to isa server ?
- From: moi
- Witch rule to allow firewal client to connect to isa server ?
- Prev by Date: Re: change ISA IP address
- Next by Date: Re: Server 2003 sp 1 - ISA server 2000 sp2 - 10060 connection timeout
- Previous by thread: Re: Witch rule to allow firewal client to connect to isa server ?
- Next by thread: Re: Witch rule to allow firewal client to connect to isa server ?
- Index(es):
Relevant Pages
|
Loading
