I am currently running ISA Standard 2006 on a Win 2003 server as our firewall.
I have set up publishing rules for SMTP traffic to/from our Exchange 2003 SP2 server and mail, for the most part, works fine.
Except...
We have a few customers who claim we are "blocking" all their e-mail. When I finally was able to find out the IP address of their mail server (it doesn't match their mx record), I started monitoring the traffic for this IP. On every instance, this is the error:
port 25 denied 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED
Now, I've spent the last 3 or 4 hours searching and reading about "FWX_E_TCP_NOT_SYN_PACKET_DROPPED" and everything I find is for http or dns. The only threads I've found with this error on port 25 are not in English.
Most often, I find threads with people saying "this has already been solved! Try reading all the forums." I'm reading them. NOTHING matches with the issue we are having.
The closest "resolution" has been for ISA 2004 and to contact Microsoft for a special patch. But this is 2006, not 2004.
So, I am asking for help. I have a 3-leg perimeter firewall setup. We have a Cisco router performing NAT, but no firewall functions. This connects directly to the External NIC on the ISA server. The internal port is a teamed gigabit pair and it has another NIC for a separate network segment (i.e. internet access but no internal access for presentations, etc).
Here is the error:
217.205.148.18 ISAGATE - TCP - - - - 45 00 00 2b 00 00 00 00 0e 06 2a e2 d9 cd 94 12 0a 0a 0a 02 ad a1 00 19 0b 5c 45 1d 00 00 00 00 50 04 00 00 5d 52 00 00 2/14/2007 7:53:14 AM 44449 0 0 0 0x0 0x0 Firewall - 2/14/2007 12:53:14 AM 10.10.10.2 25 SMTP Denied Connection 217.205.148.18 External Local Host 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED
I would truly appreciate any guidance and assistance with this. While it is a small percentage of our mail traffic that this is happening, it is business lost every time.
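The hex string in the log entry above is the IPv4 and TCP header of the packet the firewall dropped. As an added example (not part of the original post), this Python sketch decodes those bytes and lists which TCP flags were set; the function and field names are chosen here for illustration.

```python
import socket
import struct

# Header bytes copied from the ISA log entry quoted in the post.
LOGGED_HEADER = (
    "45 00 00 2b 00 00 00 00 0e 06 2a e2 d9 cd 94 12 0a 0a 0a 02 "
    "ad a1 00 19 0b 5c 45 1d 00 00 00 00 50 04 00 00 5d 52 00 00"
)

TCP_FLAG_BITS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def decode_logged_header(hex_text):
    """Decode an IPv4 + TCP header given as space-separated hex bytes."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4          # IP header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    tcp = raw[ihl:ihl + 20]
    if len(tcp) < 20:
        raise ValueError("TCP header truncated")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    flags = [name for bit, name in TCP_FLAG_BITS if off_flags & bit]
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "ttl": ttl,
        "ip_total_length": total_len, "seq": seq, "ack": ack,
        "window": window, "flags": flags,
        # A packet that opens a connection has SYN set and none of the others.
        "opens_connection": flags == ["SYN"],
    }


if __name__ == "__main__":
    for key, value in decode_logged_header(LOGGED_HEADER).items():
        print(f"{key:>16}: {value}")
```

For the bytes in this log entry the decoded packet is 217.205.148.18:44449 to 10.10.10.2:25 with only the RST flag set, so the logged packet is a reset rather than a connection-opening SYN.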