ISA 2006 blocks RPC(all interface) traffic from DMZ to internal? FWX_E_CONNECTION_KILLED
- Hi,
I have a weird issue on the ISA 2006. From a server in the DMZ (perimeter), I get "RPC server unavailable" when attempting to enroll a cert from the internal server.
My topology:
internet
|
|
|
ISA---------DMZ
|
|
|
internal (CA)
The network rule:
DMZ,internal to external (NAT)
DMZ,internal to DMZ,internal(Route)
Currently, I have an Allow ALL rule:
Name: Allow ALL
Action: Allow
Protocols: All protocols
From: Internal
perimeter
To: Internal
perimeter
External
I get this in the log. Does anyone have any suggestions on this? Thanks for any comment.
| Original Client IP | Client IP | Destination IP | Destination Port | Protocol | Action | Rule | Result Code | HTTP Status Code | Client Username | Source Network | Destination Network | URL | Server Name | Log Record Type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 192.168.0.2 | 192.168.0.2 | 10.0.0.2 | 135 | RPC (all interfaces) | Initiated Connection | RPC | 0x0 ERROR_SUCCESS | | | Perimeter | Internal | - | ISA01 | Firewall |
| 192.168.0.2 | 192.168.0.2 | 10.0.0.2 | 135 | RPC (all interfaces) | Initiated Connection | RPC | 0x0 ERROR_SUCCESS | | | Perimeter | Internal | - | ISA01 | Firewall |
| 192.168.0.2 | 192.168.0.2 | 10.0.0.2 | 135 | RPC (all interfaces) | Closed Connection | RPC | 0x80074e24 FWX_E_CONNECTION_KILLED | | | Perimeter | Internal | - | ISA01 | Firewall |
| 192.168.0.2 | 192.168.0.2 | 10.0.0.2 | 135 | RPC (all interfaces) | Closed Connection | RPC | 0x80074e24 FWX_E_CONNECTION_KILLED | | | Perimeter | Internal | - | ISA01 | Firewall |
| 192.168.0.2 | 192.168.0.2 | 10.0.0.2 | 135 | RPC (all interfaces) | Initiated Connection | RPC | 0x0 ERROR_SUCCESS | | | Perimeter | Internal | - | ISA01 | Firewall |
| 192.168.0.2 | 192.168.0.2 | 10.0.0.2 | 135 | RPC (all interfaces) | Closed Connection | RPC | 0x80074e24 FWX_E_CONNECTION_KILLED | | | Perimeter | Internal | - | ISA01 | Firewall |
| 192.168.0.2 | 192.168.0.2 | 10.0.0.2 | 135 | RPC (all interfaces) | Initiated Connection | RPC | 0x0 ERROR_SUCCESS | | | Perimeter | Internal | - | ISA01 | Firewall |
| 192.168.0.2 | 192.168.0.2 | 10.0.0.2 | 135 | RPC (all interfaces) | Closed Connection | RPC | 0x80074e24 FWX_E_CONNECTION_KILLED | | | Perimeter | Internal | - | ISA01 | Firewall |
| 192.168.28.250 | 192.168.28.250 | 192.168.28.255 | 138 | NetBios Datagram | Denied Connection | | 0xc0040025 FWX_E_BROADCAST_PACKET_DROPPED | | | External | External | - | ISA01 | Firewall |
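The log above, read by an added Python example (not code from this thread or from ISA Server): it parses the records, groups them per flow and flags sessions on TCP 135 that an access rule admitted ("Initiated Connection", ERROR_SUCCESS) and ISA then tore down (FWX_E_CONNECTION_KILLED). The sample records are constructed to mirror the pasted rows as tab-separated lines in the same column order; the field names and the flow-grouping logic are assumptions of this example, not an ISA export format.

```python
"""Summarise ISA Server firewall log records and flag RPC endpoint-mapper (TCP 135)
sessions that the access rule allowed but ISA then killed.

Added example, not code from the thread or from ISA Server. The sample records are
constructed to mirror the rows pasted in the question: one tab-separated record per
line, fields in the column order of the pasted log, empty cells left empty."""
from collections import Counter, defaultdict

# Column order of the pasted log (assumed from the header row in the question).
FIELDS = [
    "original_client_ip", "client_ip", "dest_ip", "dest_port", "protocol", "action",
    "rule", "result_code", "http_status", "client_username", "source_network",
    "dest_network", "url", "server_name", "log_record_type",
]


def _rpc_row(action, result):
    """Constructed record for the DMZ host -> internal CA flow on TCP 135."""
    return "\t".join([
        "192.168.0.2", "192.168.0.2", "10.0.0.2", "135", "RPC (all interfaces)",
        action, "RPC", result, "", "", "Perimeter", "Internal", "-", "ISA01", "Firewall",
    ])


SAMPLE_LOG = "\n".join([
    _rpc_row("Initiated Connection", "0x0 ERROR_SUCCESS"),
    _rpc_row("Initiated Connection", "0x0 ERROR_SUCCESS"),
    _rpc_row("Closed Connection", "0x80074e24 FWX_E_CONNECTION_KILLED"),
    _rpc_row("Closed Connection", "0x80074e24 FWX_E_CONNECTION_KILLED"),
    _rpc_row("Initiated Connection", "0x0 ERROR_SUCCESS"),
    _rpc_row("Closed Connection", "0x80074e24 FWX_E_CONNECTION_KILLED"),
    _rpc_row("Initiated Connection", "0x0 ERROR_SUCCESS"),
    _rpc_row("Closed Connection", "0x80074e24 FWX_E_CONNECTION_KILLED"),
    # The unrelated NetBIOS broadcast from the question, denied outright (no rule matched).
    "\t".join([
        "192.168.28.250", "192.168.28.250", "192.168.28.255", "138", "NetBios Datagram",
        "Denied Connection", "", "0xc0040025 FWX_E_BROADCAST_PACKET_DROPPED", "", "",
        "External", "External", "-", "ISA01", "Firewall",
    ]),
])


def parse_records(text):
    """Parse tab-separated log lines into dicts keyed by FIELDS; reject malformed rows."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        values = line.split("\t")
        if len(values) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(values)}")
        records.append(dict(zip(FIELDS, values)))
    return records


def result_name(record):
    """'0x80074e24 FWX_E_CONNECTION_KILLED' -> 'FWX_E_CONNECTION_KILLED'."""
    return record["result_code"].partition(" ")[2]


def flow_summary(records):
    """Count outcomes per (client, destination, port, protocol) flow."""
    flows = defaultdict(Counter)
    for rec in records:
        key = (rec["client_ip"], rec["dest_ip"], rec["dest_port"], rec["protocol"])
        if rec["action"] == "Initiated Connection":
            flows[key]["initiated"] += 1
        elif result_name(rec) == "FWX_E_CONNECTION_KILLED":
            flows[key]["killed"] += 1
        elif rec["action"] == "Denied Connection":
            flows[key]["denied"] += 1
        else:
            flows[key]["other"] += 1
    return {key: dict(counts) for key, counts in flows.items()}


def allowed_then_killed(flows, port="135"):
    """Flows on the given port where a rule admitted the session ('Initiated Connection')
    and ISA later tore it down (FWX_E_CONNECTION_KILLED). A plain rule denial shows up
    as 'Denied Connection' instead, as the NetBIOS row does, so this pattern points at
    post-admission filtering (the RPC filter, per the answers) rather than the access rule."""
    return [
        key for key, counts in flows.items()
        if key[2] == port and counts.get("initiated", 0) and counts.get("killed", 0)
    ]


if __name__ == "__main__":
    summary = flow_summary(parse_records(SAMPLE_LOG))
    for key, counts in summary.items():
        print(key, counts)
    print("allowed then killed:", allowed_then_killed(summary))
```

The distinction the script draws is the useful one when reading this kind of log: every port 135 session here was admitted by the "RPC" rule and only then killed, so the rule set is not what is blocking enrollment, which is consistent with the answers pointing at the RPC filter's strict compliance check.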
Answers
- Hi,
If I understand correctly, the network relationship between INTERNAL and DMZ is ROUTE?
Right click the rule which allows traffic from DMZ to LAN and disable the strict RPC compliance checkbox.
Does this help?
BTW: an access rule which allows all outbound access to External is not a good idea.
regards Marc
www.nt-faq.de
www.it-training-grote.de
- Marked As Answer by Keith Alabaster MVP, Moderator, Wednesday, June 17, 2009 6:11 PM
- Certificate enrollment uses DCOM, which is not fully supported (or supportable) by the RPC filter.
Have a read here: https://blogs.technet.com/isablog/archive/2007/05/16/rpc-filter-and-enable-strict-rpc-compliance.aspx for some possible solutions.
Jim Harrison Forefront Edge CS
- Proposed As Answer by Jim Harrison IsaDewd, Saturday, January 03, 2009 7:40 PM
- Marked As Answer by Keith Alabaster MVP, Moderator, Wednesday, June 17, 2009 6:11 PM