UDP Rule Ignored
- From: "Will" <westes-usc@xxxxxxxxxxxxxx>
- Date: Mon, 31 Jul 2006 21:00:36 -0700
I have an ISA Server 2004 rule that seems to be not taking, and what is
stranger is how the monitor is showing the packets.
One of our "internal" segments is a dedicated NTP server on Windows that is
pretty much isolated on its segment and can only get out and in by NTP and a
proprietary superset of NTP that the vendor supports for the product. The
box had to be put behind ISA Server 2004 since it is our clock for all the
internal domain controllers. I have several boxes in front of the ISA
Server 2004, in a no man's land that is behind yet another firewall, that I
want the same NTP server to service. I could have published the UDP
protocol on the NTP server on the ISA, but I decided to flex ISA's
capabilities and just route the dedicated internal NTP network out to the no
man's land, and then I have a route on the no man's land to point back to
the NTP server on the dedicated internal NTP network using ISA Server 2004
as the "router".
What I see on the monitor of ISA Server 2004 baffles me. The route on the
no man's land is working fine. The proprietary NTP UDP variant packets
come in with a target IP pointing to the NTP server, presented on the
correct interface of the ISA Server 2004. But in the monitor ISA Server
2004 rejects the packets, and the baffling part is that it SHOWS NO RULE AS
MATCHING. I would expect if I had the rule wrong that the default rule
would catch this packet and it would be rejected using that rule. Instead,
the packet is denied, and NO rule shows as matching on the Denied line of
monitor. What the heck would cause that behavior?!
--
Will