?
Solved

ISA 2006 outbound (inbound?) problems

Posted on 2009-02-17
5
Medium Priority
?
547 Views
Last Modified: 2012-06-27
Hi,

On company network I just suddently can't use remote desktop to connect to RD clients on the public side of my ISA. If I log on the ISA server itself, I can remote desktop fine.

Futhermore I have a couple of programs that use tcpip to connect to PC's on the internet, these programs doesn't work either.

I've also tried using IP's (to see if it was a DNS problem); but it's still the same.

All inbound seams normal (our webservers etc).

I haven't changed anything on the ISA server for months and have no clue why this just suddently happen.

When I logged on my ISA server, I could see it has been rebooted due to an important Windows Update .. but as far as I can see, the last update is 7 days old and my problem just started 2 days ago.

HELP! :o)
0
Comment
Question by:M_O_J_O
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:Raj-GT
ID: 23659115
Looks like you have a Firewall policy in place blocking or not allowing outbound access to non web proxy protocols.

You can test this by creating a new firewall policy to allow RDP outbound to "All Users" users group. Make sute this rule is on top of the rule chain.

It will also help if you would copy the ISA log outputs here. (Monitoring > Logs tab)

Thanks,
Raj
0
 

Author Comment

by:M_O_J_O
ID: 23659660
Hi Raj,

Please notice it's not only RD it's some of my tcpip programs too.

Well I have a rule to allow all outbound, so I can't see what should prevent RD from outbound.

I've attached a xslx of the log, please notice that I've changed all external IPs for security reasons.The adress I'm trying to connect to is 85.83.16.129.

Thx for your help so far.

Mojo

log.xls
0
 
LVL 15

Expert Comment

by:Raj-GT
ID: 23660797
I don't see any packets coming back from 85.83.16.129 on your log. Is your allow all rule at the top of the rules table. Can you copy the rule details, interface configurations of ISA1 and also the network relationships pleas.

Thanks,
Raj
 
0
 

Author Comment

by:M_O_J_O
ID: 23662480
Yeah I don't get any packets back. If I have "allow all outbound" shouldn't I be able to RD out of my network?

Yes the rule is at top.

I've attached copy of rule and I'm not sure where to copy interface config and network relation.

I don't know why this suddently happen - I haven't touched the ISA for months and it stopped working 2-3 days ago.

Thanks!

Mojo

general.jpg
action.jpg
content.jpg
from.jpg
protocols.jpg
to.jpg
users.jpg
relation.jpg
0
 

Accepted Solution

by:
M_O_J_O earned 0 total points
ID: 23662520
Hmmmm STRANGE .... now suddently everything works perfectly again ... hmmm.

I'M CONFUSED!

I will let this case be open for a couple of days ... thank you for your help so far.


:o)

Mojo
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month15 days, 5 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question