Registered users    
MembershipMembership:
Latest New UserLatest:clement tsang
New TodayNew Today:10
New YesterdayNew Yesterday:13
User CountOverall:22868
Private messaging    
You must be logged in to use this module.
Top 10 posters    
NamePosts
Mariette Knap12481
Marina Roos11717
Eriq Neale2071
Michael Patrick1901
Stan Guinn1799
Robert Pearman1717
Nick Pieters1425
Stewart Brown609
Kevin D.563
Eddie Kerr534
Welcome unauthorized visitor    
If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.
Small Business Server Support Forum    
Forums > Microsoft Smallbusiness Server > ISA Server 2004
Subject: Trying to Understand 'Denied Connection' in ISA
Prev Next
You are not authorized to post a reply.

Author Messages
Paul Smith User is Offline
Tadley UK
Member since
4/20/2005

Registered Users
Posts: 284
7/23/2008 03:07 PM  
After my problem with ISA having to be reinstalled. I am trying something different.
 
We have a requirement to install or utilise a Web URL screening facility. To this end we originally installed a Client Site Proxy plugin for ISA. This worked initially then it all went wrong.
 
Anyway I thought I would try a less invasive alternative; Install the Non-ISA version of the Client Site Proxy service on a standalone PC on the internal network. This service uses [a] SQUID (port 3128)
 
Its all installed and configured, however ISA is stopping it in the (default) SBS Internet Access Rule, with Denied connection for port 3128.
 
I looked at the failure and created a Firewall Policy that 'Allowed' Outbound Traffic for Port 3128 from Internal to External for All Users, I placed this rule immediatly above the Default Internet Access Rule and called it 'CSP Access Rule'.
 
ISA is apparently ignoring this rule entirely still and presists in SBS Internet Access rule denying connections.
 
Am I missing something obvious here?
 
Thanks
Paul
Faraz Khan User is Offline
Pakistan
Member since
6/25/2008

Registered Users
Posts: 25
7/28/2008 09:37 AM  
Hi Paul,
 
Edit 'CSP Access Rule' and also Add 'Local host' in TO section. So it should look like from Internal to external and localhost.
 
Regrads,
Faraz H. Khan
Paul Smith User is Offline
Tadley UK
Member since
4/20/2005

Registered Users
Posts: 284
7/28/2008 11:09 AM  
Hi faraz
Thanks for replying. I have temporarily "got round" my problem. It occurred to me that the Client Site Proxy that was running was using the "Service Account" on my desinated machine. I changed this so that it was using the Domain Administrator account (temporary meassure whilst I figure this out).

It now allows my 'pasthru' Client Site Proxy function to work. However the one thing that I still dont understand is this:

I still have the rule CSP access defined for Outbound 3128, Internal to External (&Local Host as you suggested) , SBS Internet Users.

To check on what is happening I am running logging for 3128 Outbound shows that SBS Internet Access Rule is Allowing the connection and not my Rule. (which sits above it).

Any thoughts?

Paul
You are not authorized to post a reply.
Forums > Microsoft Smallbusiness Server > ISA Server 2004 > Trying to Understand 'Denied Connection' in ISA


ActiveForums 3.7
Forum policy    
These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:
  1. No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
  2. No Flaming or Trolling.
  3. No Profanity, Racism, or Prejudice.
  4. Site Moderators have the final word on approving/removing a thread or post or comment.
Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.2343765 seconds.   :   Terms Of Use   :   Privacy Statement