ISA 2004 Unidentified IP traffic
-
Wednesday, August 15, 2012 1:01 PM
We have ISA Server 2004 with two NICs (virtual server on an ESX server). The network configuration was set up using the Back Firewall template in ISA. The standard NIC configuration applies: Internal (no GW, internal DNS set); External (GW, no DNS set). There are several VLANs configured, so we created some persistent routes as well.
I created one single rule: Allow HTTP and HTTPS from Internal to External for all users, just for testing purposes. Now, when I set the proxy settings on the client (a WinXP PC) to the ISA IP address and the default port (8080), I cannot access the Internet. When I configure those same settings on the ISA server itself, it all works fine.
I created a logging rule to log attempts from that PC, and this is what it reports:
There is no "Denied Connection" action at all; it simply closes the connection and that is it. I am worried about the "Unidentified IP Traffic" under protocol; shouldn't it say HTTP or similar? Any help would be greatly appreciated!
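The symptom above (the client's TCP connection to the proxy port is accepted and then closed with no response, and the log classifies it as something other than HTTP) can be told apart from the other failure modes from the client side without touching the ISA console. The following is an added diagnostic example, not code from the original thread or from ISA Server: it sends a proxy-style request (absolute URI in the request line, as a browser configured with proxy settings does) to a host and port you supply and classifies the outcome. The listener it talks to in the usage block is a constructed local stand-in used only to make the example run offline; the 407 it sends back and the "read the request, then close" behaviour are assumptions chosen to illustrate the two interesting outcomes, not a claim about what ISA 2004 returns.

```python
"""Probe an HTTP proxy port from a client and classify what the listener does.

Outcomes a practitioner cares about:
  connect-timeout            SYN never answered: routing/VLAN/filter problem, not the proxy
  refused                    nothing is listening on that port (or an RST from a filter)
  closed-without-response    TCP accepted, request read, then FIN with no HTTP reply
                             (the "connection gracefully closed" symptom from the post)
  response:<status line>     the proxy answered; 407 means it wants authentication
"""
import socket
import threading

TIMEOUT = 5.0  # seconds; assumption for this example


def probe_proxy(proxy_host, proxy_port, url="http://www.example.com/", timeout=TIMEOUT):
    """Connect to the proxy, send an absolute-URI GET, and classify the result."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "connect-timeout"
    except OSError as exc:
        return f"connect-error:{exc.errno}"
    try:
        host = url.split("/")[2]
        # Absolute URI in the request line is what distinguishes a proxy request
        # from a plain HTTP request to the proxy's own IP.
        request = (f"GET {url} HTTP/1.1\r\nHost: {host}\r\n"
                   "Proxy-Connection: close\r\n\r\n").encode("ascii")
        sock.sendall(request)
        data = sock.recv(4096)
    except socket.timeout:
        return "no-response"          # connection stays open, nothing comes back
    except ConnectionResetError:
        return "reset"                # peer sent RST after accepting
    finally:
        sock.close()
    if not data:
        return "closed-without-response"   # peer sent FIN: recv() returned 0 bytes
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    return "response:" + status_line


def start_fake_listener(behavior):
    """Constructed stand-in for a proxy port so the example runs offline.

    behavior 'reply': read the request, answer with a 407 like an
                      authenticating proxy would, then close.
    behavior 'close': read the request and close without answering.
    Returns the ephemeral port it is listening on (127.0.0.1).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            buf = b""
            # Drain the request first so the close produces a FIN, not an RST.
            while b"\r\n\r\n" not in buf:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            if behavior == "reply":
                conn.sendall(b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                             b"Proxy-Authenticate: Negotiate\r\n"
                             b"Content-Length: 0\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Against a real proxy you would call probe_proxy("<isa-internal-ip>", 8080).
    for mode in ("reply", "close"):
        port = start_fake_listener(mode)
        print(mode, "->", probe_proxy("127.0.0.1", port))
```

Run it from the affected client against the ISA internal IP and port 8080, then from the ISA box itself against the same address. If the client gets "connect-timeout" while the server gets a response, the packets are not reaching the listener (routing or network definition); if both connect but the client alone sees "closed-without-response", the listener is accepting the connection and then dropping it, which is the pattern described in the post.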
All Replies
-
Wednesday, August 15, 2012 1:46 PM
Hi,
Is Web Proxy client support activated on the ISA Server Internal network and set to port 8080?
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
-
Wednesday, August 15, 2012 1:47 PM
Hi Marc,
Yes, it is. I forgot to add that detail.
-
Wednesday, August 15, 2012 11:18 PM
Hi,
Make sure IIS doesn't run on these ISA machines.
I would set the ISA's internal IP as the default gateway on one of the clients and try.
-
Thursday, August 16, 2012 8:22 AM
I already tried setting the ISA server as the default gateway on one of the machines, but that didn't help. IIS is not running on ISA.
It's frustrating that ISA is not giving more information and not throwing any errors; it simply says the connection has been gracefully closed! The only odd thing I can see is in the Event Viewer: there is an event ID 1053, source: Userenv, description: "Windows cannot determine the user or computer name. (The RPC server is unavailable.) Group Policy processing aborted." Of course, the RPC service is running, and I assume this is due to the fact that the GW is not set on the internal network (or am I wrong?).
-
Monday, August 20, 2012 7:15 AM (Moderator)
Hi,
Thank you for the post.
"There are several VLANs configured": please add the internal VLAN subnets to the network definition for "Internal" in ISA Server. If you have an L3 switch routing the VLAN traffic, the VLAN clients' gateway should point to the L3 switch.
Regards,
Nick Gu - MSFT
-
Thursday, September 06, 2012 2:47 PM
Hi Nick,
I apologise for the late reply. The VLAN subnets are indeed added to the Internal network definition, and the L3 switch is the gateway.
-
Thursday, September 06, 2012 2:57 PM
Seems like an RPC issue. In TMG, edit the system policy and, under Authentication Services, remove the check mark for "Enforce Strict RPC Compliance". Click OK and apply the changes. After that, right-click the access rule that allows the internal traffic to flow, select "Configure RPC protocol", and remove the check mark from "Enforce strict RPC compliance". Click OK, apply the changes, and then try again.
-
Friday, September 07, 2012 7:33 AM
Did what you suggested: no change, still the same issue.
-
Friday, September 07, 2012 12:42 PM
Sorry, I read the post regarding the RPC event error, which is what led me to that. I noticed you said you used the Back Firewall template instead of the Edge Firewall one. Essentially they will accomplish the same thing, except that Back Firewall is typically used in conjunction with a front-end firewall. If you don't have a front-end firewall, and your current firewall is directly connected to the ISP, then try setting a public DNS on the external NIC, like Google's 8.8.8.8 and/or 8.8.4.4.
Aside from that, I'm out of ideas without a little more data from you:
- Show the access rule that you set
- Show the network rules
Thanks,
-
Friday, September 07, 2012 12:57 PM
I tried that earlier too (setting the public DNS on the external NIC), but no luck. The reason I'm using the Back Firewall template is that we do indeed have a front-end firewall, a Cisco ASA. Originally, I did deploy the Edge Firewall template, but it had the same issue. I scheduled an extensive meeting with the network guys to go over the ASA configuration to check whether there are some issues there; will report back.
-
Friday, September 07, 2012 1:19 PM
Oh nice! OK, sounds good.

