Re: Connection denied
From: Mykhaylo Khodorev (ralfeus_at_chicagocentre.com.ua)
Date: 11/03/04
- In reply to: Tristan Kington [MSFT]: "Re: Connection denied"
Date: Wed, 3 Nov 2004 12:23:01 +0200
Who said anything about an Internet address?
The server is an internal firewall. Both networks this server is connected to
are private. Another server, which is the backup internal firewall, uses just
routing, and everything works fine.
"Tristan Kington [MSFT]" <tristank@online.microsoft.com> wrote in message
news:%23wSm2pXwEHA.1400@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> This is not actually an ISA Server issue, it's an IP routing issue.
>
> If you remove ISA Server and just configure routing between two network
> adapters, you'll get the same behaviour.
>
> Between a private IP address and an Internet IP address, a Route
> relationship can't exist; you must NAT.
>
> The ISP will not route packets back to your external IP that have a source
> address of a private IP address range.
>
> --
> http://blogs.msdn.com/tristank/
> --
> This post is provided "AS-IS", and confers no warranty.
>
>
> "Mykhaylo Khodorev" <ralfeus@chicagocentre.com.ua> wrote in message
> news:cma24n$2qab$1@news.dg.net.ua...
>> I've found a strange behavior of ISA 2004 (Windows 2003 Server
>> Standard). At the beginning the network rule was:
>> Source networks: Internal
>> Dest networks: All networks (and Local Host)
>> Relation: NAT
>>
>> and firewall rule was:
>> From: Internal
>> To: All networks (and Local Host)
>> Condition: All users
>> Protocols: pings
>> Action: Allow
>>
>> I could ping any external destination.
>> But when I changed the Relation of the network rule from NAT to Route, I
>> got these records in the log:
>> Client IP: 192.168.0.200
>> Destination IP: 216.109.112.135
>> Destination Port: 0
>> Protocol: Ping
>> Action: Initiated Connection
>> Rule: Allow Pings
>> Source network: Internal
>> Dest network: External
>>
>> Client IP: 192.168.0.200
>> Destination IP: 216.109.112.135
>> Destination Port: 0
>> Protocol: Ping
>> Action: Denied Connection
>> Rule:
>> Source network: Internal
>> Dest network: External
>>
>> Client IP: 192.168.0.200
>> Destination IP: 216.109.112.135
>> Destination Port: 0
>> Protocol: Ping
>> Action: Denied Connection
>> Rule:
>> Source network: Internal
>> Dest network: External
>>
>> Client IP: 192.168.0.200
>> Destination IP: 216.109.112.135
>> Destination Port: 0
>> Protocol: Ping
>> Action: Closed Connection
>> Rule: Allow pings
>> Source network: Internal
>> Dest network: External
>>
>> I read on microsoft.com that when a packet is dropped before reaching the
>> rules engine, the rule name won't appear. But why can a packet be dropped
>> before reaching the rules engine? Why does NAT work fine, but Route doesn't?
>> Thanks.
>> Mykhaylo Khodorev
>>
>
>
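
An added example, not part of either post: a Python sketch that parses log records in the layout quoted above and flags the two conditions raised in the thread, a private (RFC 1918) source reaching a non-private destination under a Route relationship, and a denial logged with an empty rule name. The function names and the `relation` parameter are assumptions for illustration; the sample records are the first two from the quoted log.

```python
import ipaddress

# First two records from the quoted log, in its "Field: value" layout.
SAMPLE_LOG = """\
Client IP: 192.168.0.200
Destination IP: 216.109.112.135
Destination Port: 0
Protocol: Ping
Action: Initiated Connection
Rule: Allow Pings
Source network: Internal
Dest network: External

Client IP: 192.168.0.200
Destination IP: 216.109.112.135
Destination Port: 0
Protocol: Ping
Action: Denied Connection
Rule:
Source network: Internal
Dest network: External
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NEEDS_NAT = "private source, non-private destination: Route keeps the source address, use NAT"
PRE_RULE_DROP = "denied with empty rule name: dropped before the rules engine"

def parse_records(text):
    """Split blank-line-separated records into dicts (hypothetical helper)."""
    records = []
    for block in text.strip().split("\n\n"):
        fields = (line.partition(":") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, _, v in fields})
    return records

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def diagnose(rec, relation):
    """Findings for one record under the given network-rule relation (assumed parameter)."""
    findings = []
    if relation == "Route" and is_rfc1918(rec["Client IP"]) and not is_rfc1918(rec["Destination IP"]):
        findings.append(NEEDS_NAT)
    if rec["Action"] == "Denied Connection" and not rec["Rule"]:
        findings.append(PRE_RULE_DROP)
    return findings

for rec in parse_records(SAMPLE_LOG):
    print(rec["Action"], "->", diagnose(rec, "Route"))
```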