Link to home
Start Free TrialLog in
Avatar of emiahmad
emiahmadFlag for Saudi Arabia

asked on

ISA 2006 Ignores Publish rules

Hi
I have ISA 2006, and I successfully published both OWA and Activesync , now when I tried to Publish POP3 server and try to access the published server from outside but it fails and when I checked the log it seams that ISA server ignores the publishing rule and forward the request to the last deny rule.
I configured my Exchange server to have its default gateway the ISA server internal NIC.

any help about this
SOLUTION
Avatar of EricTViking
EricTViking
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of emiahmad

ASKER

I used the wizard to creat mail publishing rule and select client access , POP3 as a protocol
the destination is the internal IP address of Exchange server and the Network/Listener I select External
Did you use "POP3 Server" as your protocol?

POP3 is outbound traffic
POP3 Server is inbound traffic.

You need to allow inbound.
Yes I used POP3 Server as a Protocol
That's good. To confirm this your POP3 rule is somthing like Allow, POP3 Server, from Anywhere to x.x.x.x, for network External. Where x.x.x.x is your Exchange server IP address?

What happens if you move your POP3 rule to the top of you firewall policy rule list?

And are you  running Anti-Virus software on your ISA server that might be interfering with (filtering) POP3 traffic?
Yes that is exactly the configuration , and there is no Antivirus of endpoint protection installed in ISA.
also I tried to move the rule to the top of the rule list and got the same result.
I noticed that when a POP3 traffic comes to the ISA it interprets it as it distened from External Network as a source to the local host as a destination.
I attached a screen shoot showing the log
ISA-Log.JPG
What happens if you change the 'From Anywhere' in your rule to 'From External'?
I also tried this and got the same result , strange right ?!
Yes, very strange - the incoming POP3 traffic is definitely not matching with your allow POP3 rule!

Can you try to dsiable the POP Intrusion filter on your POP3 firewall rule? (Double click POP3 Server protocol on your firewall rule -> Parameters tab -> Application Filters).
I also tried this and got the same result , I'll get mad :-)
How about, create a new firewall rule (not a publishing rule), Allow, Selected Protocols (POP3 Server), from External, to Localhost & Internal for all users. Put it at the top of your rule list and see if incoming POP3 traffic still gets bounced by the default rule.
I tried also and got the same result
In your screenshot, is the destination IP in your internal network?

And have you tried disabling the bandwidth splitter?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of BrendanKing
BrendanKing

I'm having the same issue trying to redirect port 3391 externally to 3389 internally - the policy is there but is getting ignored and the default rule is applying and denying.
Network rules do not have an external to internal route rule.