Solved

The connection to iaicam2.u-strasbg.fr the port 1520 can not be established !

Posted on 2007-11-23
Last Modified: 2008-11-17
Hi friends !

I am facing a problem when accessing an educational site: http://www.iaicam2.u-strasbg.fr 

This is a website for an education institute named: Institut Africain d'informatique. It is used by the students for online courses. Many of the employees at my workplace are students of this institute. They have been given Username and Password to access this site.

Now, I have configured a new ISA firewall. And now when they try to access this site from their account, they can log on normally. There is no problem in authentication. But when they try to access the features in the website, they can't get access to them, as one error message comes:

***************************************************************************************************************
The connection to iaicam2.u-strasbg.fr the port 1520 can not be established !

Possible causes:
1. You are behind a firewall, you must open the port 1520 TCP in output.
2. Your workstation is behind a Proxy, you must configure the Proxy in SOCKS mode.

***************************************************************************************************************

Please see my ISA Firewall Configurations:

Internal IP: 192.168.5.223
SNM: 255.255.255.0
Gateway:
Preferred DNS: 192.168.5.1 (Internal DNS Server + DC)
Secondary DNS:      


External IP: 196.12.153.10
SNM: 255.255.255.248
Gateway: 196.12.153.0 (Cisco 2600XM Router's Internal Interface, This Router's External Interface is Fiber Optics line from ISP)
Preferred DNS Server: 66.178.96.2 (ISP DNS Server)
Secondary DNS Server: 66.178.97.2 (ISP DNS Server)

Now, I have created only one Firewall Policy named: Internet Access to KIE. Please see the Policy Rule...

Policy: Array
Name: Internet Access to KIE
Action: Allow
Protocol: All Outbound Traffic
From: Internal, Local Host
To: External, Local Host
Users: All Users
Schedule: Always
Content Types: All Content Types


Now, all of the Internal XP Client PCs are able to connect to the internet and they are exploring all the sites without any problem. There is no problem in the firewall. These Client PCs are set to Gateway 192.168.5.223 and in their Internet Explorer--->Tools---->Internet Options---->Connections----->LAN Settings--->No Proxy is set. It means they are using ISA as a firewall.

Previously, ISA 2000 was running as Proxy Server and employees were able to access all the site features from http://www.iaicam2.u-strasbg.fr. It means there is no Firewall set on my Cisco 2621XM Router.

In many of the XP Client PCs, Windows Firewall is off.

Now, please tell me why this Port 1520 error is coming after the successful user authentication to http://www.iaicam2.u-strasbg.fr.

Do I need to create any Outbound to Inbound access rule to open 1520 Port ? Please help me in solving out this problem.

Regards,

Hemant
Question by:JatinHemant
5 Comments
 
LVL 1

Assisted Solution

by:NCSITS
NCSITS earned 150 total points
ID: 20338753
I would suggest that port 1520 is not required for authentication, which is why they can log on successfully. I would allow connections through port 1520, but only from the IP address of the website in question.
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 350 total points
ID: 20340074
The Socks proxy is not enabled by default.
Open the Gui, select configuration - add-ins and check the Socks filter has been enabled.

 

Author Comment

by:JatinHemant
ID: 20340338
Thanks for your replies...

Hi NCSITS !

You see, I have told you that I am using ISA as a firewall and it has everything allowed from local host and internal to external (Internet). All the users are allowed to browse any internet site without any restriction. I think that it means all the ports are open.

Suppose I type www.google.com; it means my web browser is using one port number, suppose 2239 (>1023), and the web server of Google is opening its port 80 to make the connection. Does the Google web server request my client PC to open a new port other than 2239 to keep the communication on?

Please explain me clearly. I have created only one firewall policy as I told you and that is for unrestricted internet access. And there is no Policy from External to Internal to open port number 1520.

And keith_alabaster !

Please tell me, is there any use in enabling the SOCKS proxy, as I am not using my ISA as a proxy server? I am using it in a two network card scenario as a firewall, as I told you in my first post. Also, tell me, what are these SOCKS filters?

Thanks again.

Hemant
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 350 total points
ID: 20340528
A SOCKS proxy and a web proxy are not the same thing, are they? But it is your system; you know best, I am sure. I am not going to try and explain what a SOCKS proxy is in this question - just Google for it.
In ISA, there is no such thing as 'allow unrestricted access' unless you create a protocol that covers every port from 0 - 65535 for both TCP and UDP and you put this in a rule.

ISA blocks everything that is not specifically allowed. If you have put a rule into ISA saying allow All Protocols then this means allow 'all' protocols that are defined in the protocols list. If ISA does not know about a protocol then it is not in the protocol list. If it is not in the protocol list then it is denied.

Make a new protocol for TCP port 1520 - 1520 and give it a name. Apply the policy. This will add the new protocol to the protocol list. Now your All protocols list will include the new protocol for port 1520 also.



 

Author Comment

by:JatinHemant
ID: 20396282
It seems very surprising to me that I didn't do anything and now this morning when I tried the same site, it worked fine. But thanks for your support...

Hemant
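
A client-side check for the symptom discussed in this thread, added here as an example and not code from any of the posters: it compares an outbound TCP connection to port 80 with one to port 1520 on the same host, to show whether the failure is specific to port 1520. The function names and verdict strings are illustrative assumptions; the host and ports are the ones from the question.

```python
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt made from this client."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except socket.timeout:
        return "filtered"          # no reply in time: usually dropped on the path
    except ConnectionRefusedError:
        return "refused"           # a reset came back: port closed or actively rejected
    except socket.gaierror:
        return "dns-failure"       # the name did not resolve at all
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"   # no route to the destination
        return "error"


def diagnose(host, control_port, target_port, probe=probe_tcp):
    """Compare a port known to work (control) with the one that fails (target)."""
    control = probe(host, control_port)
    target = probe(host, target_port)
    if target == "open":
        # The connection passes the firewall; look at the application instead.
        verdict = "target-ok"
    elif control == "open":
        # Same host, same path, only this port fails: either the firewall has
        # no allow rule / protocol definition covering it, or nothing listens
        # on it. The firewall log for the same timestamp tells the two apart.
        verdict = "target-port-specific"
    else:
        # The control port fails too, so the problem is not about this port
        # (routing, DNS, or the remote host being down).
        verdict = "general-failure"
    return {"control": control, "target": target, "verdict": verdict}


if __name__ == "__main__":
    # Host and ports taken from the question; run from an internal client PC.
    print(diagnose("iaicam2.u-strasbg.fr", 80, 1520))
```

Running it once before and once after changing the firewall policy shows whether the change is what made port 1520 reachable.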
