• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 558
  • Last Modified:

ISA 2006 outbound (inbound?) problems

Hi,

On company network I just suddently can't use remote desktop to connect to RD clients on the public side of my ISA. If I log on the ISA server itself, I can remote desktop fine.

Futhermore I have a couple of programs that use tcpip to connect to PC's on the internet, these programs doesn't work either.

I've also tried using IP's (to see if it was a DNS problem); but it's still the same.

All inbound seams normal (our webservers etc).

I haven't changed anything on the ISA server for months and have no clue why this just suddently happen.

When I logged on my ISA server, I could see it has been rebooted due to an important Windows Update .. but as far as I can see, the last update is 7 days old and my problem just started 2 days ago.

HELP! :o)
0
M_O_J_O
Asked:
M_O_J_O
  • 3
  • 2
1 Solution
 
Raj-GTSystems EngineerCommented:
Looks like you have a Firewall policy in place blocking or not allowing outbound access to non web proxy protocols.

You can test this by creating a new firewall policy to allow RDP outbound to "All Users" users group. Make sute this rule is on top of the rule chain.

It will also help if you would copy the ISA log outputs here. (Monitoring > Logs tab)

Thanks,
Raj
0
 
M_O_J_OAuthor Commented:
Hi Raj,

Please notice it's not only RD it's some of my tcpip programs too.

Well I have a rule to allow all outbound, so I can't see what should prevent RD from outbound.

I've attached a xslx of the log, please notice that I've changed all external IPs for security reasons.The adress I'm trying to connect to is 85.83.16.129.

Thx for your help so far.

Mojo

log.xls
0
 
Raj-GTSystems EngineerCommented:
I don't see any packets coming back from 85.83.16.129 on your log. Is your allow all rule at the top of the rules table. Can you copy the rule details, interface configurations of ISA1 and also the network relationships pleas.

Thanks,
Raj
 
0
 
M_O_J_OAuthor Commented:
Yeah I don't get any packets back. If I have "allow all outbound" shouldn't I be able to RD out of my network?

Yes the rule is at top.

I've attached copy of rule and I'm not sure where to copy interface config and network relation.

I don't know why this suddently happen - I haven't touched the ISA for months and it stopped working 2-3 days ago.

Thanks!

Mojo

general.jpg
action.jpg
content.jpg
from.jpg
protocols.jpg
to.jpg
users.jpg
relation.jpg
0
 
M_O_J_OAuthor Commented:
Hmmmm STRANGE .... now suddently everything works perfectly again ... hmmm.

I'M CONFUSED!

I will let this case be open for a couple of days ... thank you for your help so far.


:o)

Mojo
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now