ISA 2006 Ignores Publish rules

Hi
I have ISA 2006, and I successfully published both OWA and Activesync , now when I tried to Publish POP3 server and try to access the published server from outside but it fails and when I checked the log it seams that ISA server ignores the publishing rule and forward the request to the last deny rule.
I configured my Exchange server to have its default gateway the ISA server internal NIC.

any help about this
emiahmadAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

EricTVikingCommented:
Sounds like incoming POP3 traffic isn't matching with your POP3 rule.

What POP3 rule are you using?
0
emiahmadAuthor Commented:
I used the wizard to creat mail publishing rule and select client access , POP3 as a protocol
the destination is the internal IP address of Exchange server and the Network/Listener I select External
0
EricTVikingCommented:
Did you use "POP3 Server" as your protocol?

POP3 is outbound traffic
POP3 Server is inbound traffic.

You need to allow inbound.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

emiahmadAuthor Commented:
Yes I used POP3 Server as a Protocol
0
EricTVikingCommented:
That's good. To confirm this your POP3 rule is somthing like Allow, POP3 Server, from Anywhere to x.x.x.x, for network External. Where x.x.x.x is your Exchange server IP address?

What happens if you move your POP3 rule to the top of you firewall policy rule list?

And are you  running Anti-Virus software on your ISA server that might be interfering with (filtering) POP3 traffic?
0
emiahmadAuthor Commented:
Yes that is exactly the configuration , and there is no Antivirus of endpoint protection installed in ISA.
also I tried to move the rule to the top of the rule list and got the same result.
I noticed that when a POP3 traffic comes to the ISA it interprets it as it distened from External Network as a source to the local host as a destination.
I attached a screen shoot showing the log
ISA-Log.JPG
0
EricTVikingCommented:
What happens if you change the 'From Anywhere' in your rule to 'From External'?
0
emiahmadAuthor Commented:
I also tried this and got the same result , strange right ?!
0
EricTVikingCommented:
Yes, very strange - the incoming POP3 traffic is definitely not matching with your allow POP3 rule!

Can you try to dsiable the POP Intrusion filter on your POP3 firewall rule? (Double click POP3 Server protocol on your firewall rule -> Parameters tab -> Application Filters).
0
emiahmadAuthor Commented:
I also tried this and got the same result , I'll get mad :-)
0
EricTVikingCommented:
How about, create a new firewall rule (not a publishing rule), Allow, Selected Protocols (POP3 Server), from External, to Localhost & Internal for all users. Put it at the top of your rule list and see if incoming POP3 traffic still gets bounced by the default rule.
0
emiahmadAuthor Commented:
I tried also and got the same result
0
EricTVikingCommented:
In your screenshot, is the destination IP in your internal network?

And have you tried disabling the bandwidth splitter?
0
emiahmadAuthor Commented:
I got it , it was not the bandwidth splitter , I found that the customer created a Network Rule to route traffic from External to Internal and when I disable it all things go right.
thank you anyway for your cooperation and you deserve the point
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BrendanKingCommented:
I'm having the same issue trying to redirect port 3391 externally to 3389 internally - the policy is there but is getting ignored and the default rule is applying and denying.
Network rules do not have an external to internal route rule.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.