Solved

connection timeout while connectting to only one web site with ISA, it is available through dial-up

Posted on 2003-11-24
5
185 Views
Last Modified: 2010-04-09
Hi experts,
Here is my problem. We are using ISA server and one site had become unavaliable 3 days before. Nothing changed in ISA , I was not at the office. It is a bank's site that was working just fine with our ISA for over a year.  

When I try to connect to the site ISA returns connection timeout error.  
We can enter the site using dial up without a problem.
I tried connecting with ip address but couldn't, also.
Our ISP can connect without a problem.
Only ISA part is left. I configured a rule for full access to that side including ip address but it did not work.

I can trace the web site with our router, it does not give timeout.

What can be the problem or what can I do  
 
0
Comment
Question by:nurhal
5 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9809121
did u update IE recently. updated some securtity fix on IE. if yes then it must have caused this.
try to remove those update and try again and see if it works.
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 250 total points
ID: 9817963
If your setup looks like this

INTERNET
|
Router
|
ISA Server
|
Internal Network.  

Then I would recommend the following to help further isolate the point of failure.    

1)  Use a laptop or other client situated between the router and ISA.   Assign it the ISA's IP address and remove the ISA fromthe picture temporarily.    Configure DNS and Gateway and see if you have any trouble.     If you CAN get out to this trouble-site with the laptop, then we focus on the ISA go to step 2.    If you CAN NOT get to the site, then your router may need attention due to bad coding, recent IOS upgrades, downstream issues...etc....  

2) Remove the laptop and plug the ISA back in.   Can the ISA ping the site by name and get resolution.    If NO then check DNS settings.  If YES then go to Step 3

3) HAve you performed any updates to the ISA?   Service packs, IE, Patches, new applications, anything?  If YES then Roll back the updates, if NO then got to step 4

4) Post some additional details about the ISA for me.  Service pack, hardware, and some ipranges (if you are comfortable with that) would be helpful to further diagnose the issue.

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 9820083
You might set the MTU on the ISA server lower than the default max 1500
The recent outbreak of Welchia and MSBlast worms has caused many ISP's and other network managers to block ICMP. This is a knee-jerk reaction that has far reaching consequences. One of those is the inherenet ability of MS operating systems to adjust dynamically using Path MTU Detect. Blocking ICMP blocks the "unreachable" packets that PMTUD depends on to adjust. No unreachable, no adjustment, just timeouts. This helps explain why this is a recent phenomenon with no changes on your part.
If you set the Max MTU size on the server to 576 (same as dialup) you'll never have this problem again..

ICMP - PMTUD - IDENT - Black Hole
http://www.winguides.com/registry/display.php/887/
http://www.cisco.com/warp/public/105/38.shtml
http://www.netheaven.com/pmtu.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;159211
PMTUD fails after WIN2K SP2
http://support.microsoft.com/default.aspx?scid=kb;en-us;301337
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10976342
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Split between lrmoore and MikeKane.

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now