Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1457
  • Last Modified:

Problem configuring ISA for Blackberry Enterprise Server connection

Hi everyone,

I've been looking at a solution for a couple of days now and i'm not able to find an answer, so i hope you guys can help me.

My Blackberry server is in my internal network behind the ISA server 2004.

I created an access rule :
Allow Port 3101 from my BES server to *.blackberry.net (srp address) for all users.

I saw a couple of discussions saying that it only needs that to work.  However, it doesnt.

I received the following error :
Denied Connection - A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer.

So, my Bes server is able to send the 1st request to the srp.na.blackberry.net but not the second or third...

Initiated Connection at 23:05:18
Log type : Firewall service
Status : The operation completed successfully
Rule : Allow Blackberry
Source : Internal (x.x.x.x:2300)
Destination : External (srp.na.blackberry.com 204.187.87.33:3101)
Protocol : Blackberry

Denied Connection at 23:05:26
Log type : Firewall service
Status : A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer.
Rule : -
Source : Internal (x.x.x.x:4982)
Destination : External (srp.na.blackberry.com 204.187.87.33:3101)
Protocol : Blackberry

I know it's not an issue on my blackberry server because it works if it's not behind the ISA.

Thank you to help me with this huge problem!
0
Vision_Globale
Asked:
Vision_Globale
  • 5
  • 3
1 Solution
 
Nyah247Commented:
I have the following firewall rule:

Allow > Blackberry In (3101 TCP Inbound)/Blackberry Out (3101 TCP Outbound) > BES IP/External to BES IP/External > All users.

It works for me.
0
 
Nyah247Commented:
Worst comes to absolute worst you can run the firewall client on the BES Server but that is not recommended.  The firewall client should stay off the servers.  So...with that in mine, I would only try that if you are under serious fire to get it working and need a little time to troubleshoot.
0
 
Vision_GlobaleAuthor Commented:
Ok, i'll try that.

For the firewall client, i already tried that, but no success so i uninstall it.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Vision_GlobaleAuthor Commented:
I made the following rule :

Allow > Blackberry IN (3101 Inbound)/Blackberry OUT (3101 Outbound) > Anywhere to Anywhere > All users.

It still doesnt work...
0
 
Nyah247Commented:
Anything in the monitor when you try to make a connection?  Are they still the same as before?  
0
 
Vision_GlobaleAuthor Commented:
Still the same...

A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer.
0
 
Vision_GlobaleAuthor Commented:
I upgraded our BES server to 4.1.6 in case that was the cause of the problem... but still the same.
0
 
Vision_GlobaleAuthor Commented:
Weird problem... but solved!
It was the default protocol FTP that was changed and probably port configured were probably in conflict with the port 3101.  I remove the change made to the default protocol FTP and create another and now it works...
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now