+ Reply to Thread
Results 1 to 15 of 15

Thread: ISA 2004

  1. Senior Member
    Join Date
    Mar 2006
    Posts
    509

    Certifications
    CST, A+, N+, CNST, MCP 70-290, MCP 70-291, MCSA2K3, MCSA2K, MCP 70-218
    #1

    Default ISA 2004

    Can anyone help me, i have installed ISA 2004 at work and although the users can accress their email from an outside connection they cannot send or receive emails. I have Exchange 2003 installed and use to run ISA 2000 without any problems.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Mar 2006
    Location
    The Internet
    Posts
    586

    Certifications
    See Signature
    #2
    Hey Billy,

    Please talk us through your setup there / how is the network configured?

    When you say "from an outside connection they cannot send or recieve email" do you mean via pop? Are you users' connecting via RPC over HTTP?

    Regards,

    Luke
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Mar 2006
    Posts
    509

    Certifications
    CST, A+, N+, CNST, MCP 70-290, MCP 70-291, MCSA2K3, MCSA2K, MCP 70-218
    #3
    The users are able to send eachother emails internally to eachother, but they cannot send emails to outside addresses. I tried to send an email to work but i am not receiving the email. I have followed the procedures in the ISA book but to no prevail. It`s as if all SMTP protocals are being blocked even though i have setup the access rules according to the book.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Mar 2006
    Location
    The Internet
    Posts
    586

    Certifications
    See Signature
    #4
    Have you checked the logs? It would appear that the connections are still being denied? Use the "Reporting" feature and track traffic from your Exchange server to the External network. Look for anything that says "Denied Connection".

    Also, try moving your SMTP access rule to the top of the list. With ISA Server 2004 rules are evaluated in the order they appear on the access rule list. For example say you have:-

    Access rule 1. Allow all protocols from Internal to External for all users
    Access rule 2. Allow only HTTP, HTTPS and FTP from Internal to External for all users.

    The 1st rule would take priority and be evaluated first therefore all of your users would be able to send traffic on all protocols to the external network (the restriction, rule 2 would never take effect).

    You could also try allowing all internal to external (temporally) to see if that allows connectivity to the outside world via SMTP. This would then outline whether the issue is with ISA or with your Exchange server.

    Let us know how you get on!

    Also, check that there isn’t a route relationship setup between your exchange box and the external network. If this is the case (unless your exchange box has an IP which is routable on the internet) the private address will just be dropped by your ISPs gateway.

    Luke
    Reply With Quote Quote  

  6. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #5
    Did you change IP addresses and forget to update the MX records with your ISP?
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Mar 2006
    Location
    The Internet
    Posts
    586

    Certifications
    See Signature
    #6
    Quote Originally Posted by sprkymrk
    Did you change IP addresses and forget to update the MX records with your ISP?
    If that were the case he would still be able to send mail just not recieve.
    Reply With Quote Quote  

  8. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #7
    Quote Originally Posted by LukeQuake
    Quote Originally Posted by sprkymrk
    Did you change IP addresses and forget to update the MX records with your ISP?
    If that were the case he would still be able to send mail just not recieve.
    Unless the recieving end is using sender domain checks (reverse lookups) to filter for spam.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Mar 2006
    Posts
    509

    Certifications
    CST, A+, N+, CNST, MCP 70-290, MCP 70-291, MCSA2K3, MCSA2K, MCP 70-218
    #8
    Ok i have setup a filter to check SMTP and your right LukeQuake i am seeing denied connections. But i am new to isa 2004 and do not know how to read the filter. What am i looking for here, i mean i know smtp is being denied but where do i go from here?

    The smtp publishing rule is No1 and i have an Outbound smtp rule setup as Internal to External - All Users as No2.
    Reply With Quote Quote  

  10. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #9
    Quote Originally Posted by billybob01
    Ok i have setup a filter to check SMTP and your right LukeQuake i am seeing denied connections. But i am new to isa 2004 and do not know how to read the filter. What am i looking for here, i mean i know smtp is being denied but where do i go from here?

    The smtp publishing rule is No1 and i have an Outbound smtp rule setup as Internal to External - All Users as No2.
    You should have another rule for inbound SMTP connections to your mail server, external to internal.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Mar 2006
    Posts
    509

    Certifications
    CST, A+, N+, CNST, MCP 70-290, MCP 70-291, MCSA2K3, MCSA2K, MCP 70-218
    #10
    Tried that but still no joy.
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Mar 2006
    Posts
    509

    Certifications
    CST, A+, N+, CNST, MCP 70-290, MCP 70-291, MCSA2K3, MCSA2K, MCP 70-218
    #11
    i have noticed though that when i enable the All access we can send and receive email, but when the All access rule is disabled we are unable to send mail but we can receive mail.
    Reply With Quote Quote  

  13. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #12
    Quote Originally Posted by billybob01
    i have noticed though that when i enable the All access we can send and receive email, but when the All access rule is disabled we are unable to send mail but we can receive mail.
    Just to clarify in case I misunderstood - your users can recieve email from anyone, internal or external?

    They can send email to each other internally but not to external recipients?

    If those are true, then do you have an outbound rule that allows the Exchange Server to send email via SMTP outbound to everyone? I ask because you mentioned a rule allowing "All Users", but I wonder if that includes your Exchange Server itself.
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Mar 2006
    Posts
    509

    Certifications
    CST, A+, N+, CNST, MCP 70-290, MCP 70-291, MCSA2K3, MCSA2K, MCP 70-218
    #13
    "then do you have an outbound rule that allows the Exchange Server to send email via SMTP outbound to everyone?"

    I have a SMTP Server Publishing rule:
    Action=Allow Traffic=SMTP Server From=Anywhere To=10.10.x.x Networks=External.


    We also have an External Access to ISA DNS server Publishing rule and an Internal DNS to ISA forwarder Access rule. I have tested DNS from the SMTP Server and all is fine.
    Reply With Quote Quote  

  15. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #14
    Quote Originally Posted by billybob01
    "then do you have an outbound rule that allows the Exchange Server to send email via SMTP outbound to everyone?"

    I have a SMTP Server Publishing rule:
    Action=Allow Traffic=SMTP Server From=Anywhere To=10.10.x.x Networks=External.
    Am I reading it wrong, or should that be reversed to read:

    Action=Allow Traffic=SMTP Server From=10.10.x.x To=Anywhere Networks=External

    in order to allow outbound email?
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Mar 2006
    Posts
    509

    Certifications
    CST, A+, N+, CNST, MCP 70-290, MCP 70-291, MCSA2K3, MCSA2K, MCP 70-218
    #15
    You may be right Spymark, i will try that when i go back to work and I`ll let you know
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks