Help! ISA install failure in CEICW

From: Buddy G (buddynosp_at_gcsbendnosp.com)
Date: 05/17/04

• Next message: Simon B: "SBS2003 ICS drama"
• Previous message: David Schrag: "Re: Break-in attempted -- how to respond?"
• Next in thread: Buddy G: "Re: Help! ISA install failure in CEICW"
• Reply: Buddy G: "Re: Help! ISA install failure in CEICW"
• Messages sorted by: [ date ] [ thread ]

Date: Sun, 16 May 2004 20:03:42 -0700

Hello again,
OK, I have put things back so that there are two nics.
Reran CEICW
CEICW fails when configuring the firewall.
In the wizard, I chose to create filters for Email, VPN, and Terminal
Services
And custom filters for RWW.

After the wiz failed, the services for ISA were not running and still set
for manual mode.

Q. Which services should be running / automatic for ISA?

Default access protocol rule is applied to Legalsrv\sbs internet users.
Because he has most everyone in non default OUs, no one has Internet users
membership. I looked in ISA server mgt console:
Access Policy | Site & Content Rules:
SBS Internet Access Site & Content Rule | Applies to Legalsrv\sbs internet
users
I added "Applies to: Legalsrv\Domain Users"
Did the same with SBS Internet Access Protocol Rule.
Restarted services using the ISA server mgt | Monitoring | Services tab.
Still cannot get internet access from workstation running F/W client.
I get "403" Forbidden - Yhe ISA server denies the specified URL (12202)
I then added my account to Internet Users group, still same 403 error.

Q. What should the Site & content rules look like based on my CEICW choices
above?

Packet filters:
Same thing - only the following were created:
DHCP client Allow (not enabled)
DNS Filter allow (the rest enabled)
ICMP outbound
ICMP ping response (in)
ICMP source quench
ICMP time out (in)
ICMP unreachable (in)
SBS PtppCallPredefinedType
SBS PtppReceivePredefinedType

I created a filter "Exchange" Allow using predefined SMTP policy element.
I can receive mail, but it looks like I cannot send it.

I think that if I can get the ISA server manually configured then I will be
OK.

Buddy G

• Next message: Simon B: "SBS2003 ICS drama"
• Previous message: David Schrag: "Re: Break-in attempted -- how to respond?"
• Next in thread: Buddy G: "Re: Help! ISA install failure in CEICW"
• Reply: Buddy G: "Re: Help! ISA install failure in CEICW"
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Re: Intermittent Firewall 15108 Events on SBS2003/ISA2004 ... This newsgroup only focuses on SBS technical issues. ... of |> the internal network object). ... If the ISA server receives a package with an |> internal IP as source address from the external port, the package would be |> treated as a spoof attack. ... |> 825763 How to configure Internet access in Windows Small Business ... (microsoft.public.windows.server.sbs) Re: Eventid 15108... spoof address ???? ... This newsgroup only focuses on SBS technical issues. ... the ISA server identifies the spoof attacking according to ... |> the internal network object). ... |> server could receive some spoof attacks from the internet. ... (microsoft.public.windows.server.sbs) Re: Eventid 15108... spoof address ???? ... Microsoft CSS Online Newsgroup Support ... the ISA server identifies the spoof attacking according to ... |> the internal network object). ... |> server could receive some spoof attacks from the internet. ... (microsoft.public.windows.server.sbs) Re: Internet Intermittent Connection ... "Mohammed A. Raslan" wrote: ... Internal Network: 192.168.100.1 - 192.168.100.255 ... "ISA Server detected a proxy chain loop. ... internet. ... (microsoft.public.isa) Re: Internet Intermittent Connection ... Internal Network: 192.168.100.1 - 192.168.100.255 ... any other networks and remove any additional ranges if they are added. ... "ISA Server detected a proxy chain loop. ... I have an intermittent Internet connection that has been going on ... (microsoft.public.isa)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint