'RE: ISA Server oddity or feature : SOLVED'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ms
Subject:    RE: ISA Server oddity or feature : SOLVED
From:       "James D. Stallard" <cds () cionlne ! com>
Date:       2001-11-26 19:01:10
[Download RAW message or body]

All

Thank you to everyone who replied to the list and privately
The problem was indeed packet filters, I have assumed (incorrectly) that
as all the other clients were operating fine the problem was elsewhere.

The solution was 2 additional packet filters as follows:
TCP outbound, remote fixed-110, local any.
TCP inbound, remote fixed-25, local any.

My own attempts had failed because I had set my packet filters to fix
the LOCAL port and not the remote ports of 110 and 25 respectively -
duh!

Thanks again
 
Regards
 
James D. Stallard
james@leafgrove.com
Mobile: 07979 49 88 80
Tel: 0118 9345 020
Fax: 0118 9340 518
www.leafgrove.com


-----Original Message-----
From: Jim Harrison (SPG) [mailto:jmharr@microsoft.com] 
Sent: 26 November 2001 18:03
To: leafgrove@leafgrove.com
Cc: focus-ms@securityfocus.com
Subject: RE: ISA Server oddity or feature


Inline...

* Jim Harrison 
MCP(NT4, 2K), A+, Network+
Services Platform Group
*(425) 705-7275 



-----Original Message-----
From: James D. Stallard [mailto:leafgrove@btinternet.com] 
Sent: Monday, November 26, 2001 00:45
To: focus-ms@securityfocus.com
Subject: ISA Server oddity or feature


Folks

I have a Windows 2000 advanced server running Micrsoft ISA Server as the
internet gateway. All machines on the rest of the LAN are able to browse
the web and send/receive email.

The machine running ISA server has outlook installed on it to povide
MAPI services to a third party monitoring application and before it had
ISA server installed all ran fine.

* MAPI is RPC-based.  I personally wouldn't want RPC open _to_ the ISA.
Is this directly available, or accessed via terminal services?

Oulook is no longer able to send/receive email and telnetting from the
command line to the relevant ports is also failing. As the machine is
still able to access the web and has no special firewall rules beyond
the defaults, I am wondering if this is an oddity, a bug or a
misconfiguration somewhere.

* All services and applications on the ISA itself need packet filters to
allow them to communicate.  The only exception to this is for IE or any
CERN-compatible proxy client.  You can point it to "localhost:8080" (or
whatever port your outgoing web requests listener is operating on).
* for instance, POP3 requires a packet filter as:
TCP outbound, remote fixed-110, local any.

NSLOOKUP, PING and FTP all work fine, just not POP/SMTP

ISA server has a bunch of rules dictating access to specify by subnet,
group, user etc but all these are non specific.

So, can anyone tell me why I can no longer send/receive email from this
machine?

Thank you in advance. 
Regards
 
James D. Stallard
james@leafgrove.com
Mobile: 07979 49 88 80
Tel: 0118 9345 020
Fax: 0118 9340 518
www.leafgrove.com

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic