ISA 2004 denies port even though rule created

I was trying to troubleshoot why my iPhone was unable to send email through SMTP SSL. I read that you have to forward port 587 to the Exchange server. I saw that this was being blocked. I tried all possible options and created the Allow Rule as I did hundreds of times, but for some reason it keeps denying the connection when I look at it in the logging screen. The same message keeps popping up.

Just a note: Exchange ActiveSync works just fine, without problems. I am trying to make the IMAP account work because iPhone only allows one Exchange account, and I want to use it for the Google new sync services. IMAP SSL over port 993 works fine, and I am able to receive emails. The problem is with sending email, as it never seems to connect.

I am not sure what I am doing wrong. Thanks for all the help. This is rule 1, so it's not the rule order that is causing this.
Log Time	Client IP	Destination IP	Destination Port	Protocol	Client Username	Action	Rule	Source Network	Destination Network	HTTP Method	URL	Original Client IP	Client Agent	Authenticated Client	Service	Server Name	Referring Server	Destination Host Name	Transport	MIME Type	Object Source	Source Proxy	Destination Proxy	Bidirectional	Client Host Name	Filter Information	Network Interface	Raw IP Header	Raw Payload	Source Port	Processing Time	Bytes Sent	Bytes Received	Result Code	HTTP Status Code	Cache Information	Error Information	Log Record Type
2/22/2009 11:34:22 AM	173.68.*.**	192.168.111.4	587	Unidentified IP Traffic (TCP:587)		Denied Connection	Default rule	External	Local Host	-	-	173.68.*.*				MYSBS	-		TCP	-				No		-				49752	0	0	0	0xc004000d FWX_E_POLICY_RULES_DENIED		0x0	0x0	Firewall


surge1 asked:
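
An added example, not part of the original thread: a short Python triage of a tab-separated ISA firewall log export in the layout shown in the question, listing which port and From/To network pair fell through to the Default rule. The sample rows, the client addresses and the publishing rule name are constructed, and only the columns used here are included.

```python
import csv
import io
from collections import Counter

# Constructed sample in the tab-separated layout of the log in the question,
# cut down to the columns used here; client IPs are documentation addresses.
COLUMNS = ["Log Time", "Client IP", "Destination IP", "Destination Port", "Protocol",
           "Action", "Rule", "Source Network", "Destination Network", "Result Code"]
ROWS = [
    ["2/22/2009 11:34:22 AM", "203.0.113.10", "192.168.111.4", "587",
     "Unidentified IP Traffic (TCP:587)", "Denied Connection", "Default rule",
     "External", "Local Host", "0xc004000d FWX_E_POLICY_RULES_DENIED"],
    ["2/22/2009 11:34:40 AM", "203.0.113.10", "192.168.111.4", "587",
     "Unidentified IP Traffic (TCP:587)", "Denied Connection", "Default rule",
     "External", "Local Host", "0xc004000d FWX_E_POLICY_RULES_DENIED"],
    ["2/22/2009 11:35:02 AM", "203.0.113.10", "192.168.111.4", "993",
     "IMAPS Server", "Initiated Connection", "Publish IMAPS (hypothetical rule name)",
     "External", "Local Host", "0x0 ERROR_SUCCESS"],
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in [COLUMNS] + ROWS)

def parse_isa_log(text):
    """Read a tab-separated ISA firewall log export (header row first) into dicts."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    return list(reader)

def default_rule_denials(rows):
    """Count denials attributed to the Default rule, i.e. no earlier rule matched."""
    hits = Counter()
    for row in rows:
        denied = row["Action"].startswith("Denied")
        if denied and row["Rule"].strip().lower() == "default rule":
            key = (int(row["Destination Port"]), row["Source Network"],
                   row["Destination Network"])
            hits[key] += 1
    return hits

def report(text):
    """One line per (port, from, to) combination that fell through to the Default rule."""
    lines = []
    for (port, src, dst), n in sorted(default_rule_denials(parse_isa_log(text)).items()):
        lines.append(f"port {port}: {n} denial(s) by Default rule, {src} -> {dst}; "
                     "compare the allow rule's From/To networks and protocol with these")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```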
 
surge1 (Author) commented:
I was thinking, and maybe I'm going about this all wrong. What ports/services would I need to configure the SMTP services to authenticate to any device SECURELY (no password/username in clear text being sent out)? Can this all be done via port 25?
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
You should be configuring your IMAP SSL for the ISP's servers not your SBS. Since the Google service is an outside service incoming, your outgoing must be connected to an outside service too.

Philip
 
surge1 (Author) commented:
Perhaps I wasn't clear enough, and my apologies for that. Exchange is my work account, while Google is another email (personal one). I am trying to do this for my work account so I can connect directly.
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
The FROM IP address is an external one in the above ISA screenshot. Your iPhone is using the wireless Internet to try and access your internal Exchange server.

You can pull e-mail and such via POP3 into your Exchange based mailbox. You still need to have the outgoing server pointing to your wireless carrier's SMTP servers.

Philip
 
surge1 (Author) commented:
I think we're getting a bit away from the subject matter. Why is ISA blocking port 587 when I clearly allowed it? The rule for some reason does not get triggered.

Again, as a side note, from what I've read, port 587 will be used instead of 25 to authenticate with the SMTP server over a secure connection.

Maybe this is another question, but how would you secure your connection when sending out email? Can't the SMTP virtual server use SSL on port 25 to properly and securely authenticate? On the iPhone I have SSL: ON; can this be done over port 25?
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
SSL tunnels are a very particular setup in ISA.
Make sure your rule is a pass through SSL publishing rule and that port 587 is in ISA's SSL allowed port list. That would stop the SSL connection in its tracks.
SSL tunnel tool: http://www.isatools.org/tools.asp?Context=ISA2004
It is called ISA TPRE. Download it and use it to verify and/or add the right port.
Philip
Question has a verified solution.
