Dropping Outbound Connection and Need to Allow AIM Messenger


ashwini kumar

Oct 1, 2008, 8:25:10 AM
to all...@googlegroups.com

Hi,

Question 1.

I have denied everything except for two users in my ISA server. For two users I have allowed all outbound connections, and I am trying to connect to AIM Messenger. Now a strange thing is happening: sometimes I am able to log in to AIM, and sometimes it says Connection Host lost.

Finally I started trace logging. I found in Action:

It denied the connection with the following Result Code

[0x80074e21 FWX_E_ABORTIVE_SHUTDOWN] [0x80074e20 FWX_E_GRACEFUL_SHUTDOWN]

Question 2.

In my org I have the policy deny all except some of the sites. Now my requirement is to grant access for AIM Messenger. Please let me know the procedure.

Kind Regards,

Ashwini
9949977764
 
ISA2006 - Logging.doc

dheeraj katarya

Oct 1, 2008, 10:46:08 AM
to all...@googlegroups.com
Hi Ashwani,
 
Question number 1.
I am assuming that you are using user filtering by defining the users in the rule that allows external traffic.
The abortive shutdown is caused if the connection between the client and server (AIM) is closed with a reset, either by the client or the server.
Please copy and paste the complete logging to see how the request is denied on ISA; these two result codes alone could point to multiple issues. Just guessing: the times when you are able to connect may be when you are using the firewall client on the system where you have AIM messenger installed, or only one server address is in your whitelist, as you said you follow a block-all-and-allow-only-a-few strategy, so when DNS resolves to that address or AIM tries to connect to that range it works, else it fails.
 
 
Question 2.
You need to add the IP addresses to a domain set and then add this domain set in the rule.
Step-by-step instructions on this can be found in the tutorials at http://www.ISAserver.org
 
Regards,
 
Dheeraj Katarya
B.E.(mech), MCP,M.C.S.A ,
M.C.S.E. MCT 2006,MCTS(BDD, CONF)
MCTS Windows 2008 AD, Network Infra, and application management.
MCITP (enterprise) & (Consumer)
Cert. Eth. HACKER (CEH)
Hacking forensics investigator, Certified EC Council Instructor.
CISSP.



ashwini kumar

Oct 3, 2008, 9:00:21 AM
to all...@googlegroups.com, jaiswal...@gmail.com
Hi,

Below are the steps which I did and the error I got. Please suggest.

Here I made an Allow access rule on top. I specified that for requests generated from the x.x.x.x IP with the XX user name, all outbound traffic is allowed to External. This policy is allowing all Internal traffic to External.

But the strange thing is that those users are still not able to log in to AIM Messenger. The error is Connection Lost.

When I used Diagnostic Logging on my computer, I found the following error code in the ISA log.


It denied the connection with the following Result Code
[0x80074e21 FWX_E_ABORTIVE_SHUTDOWN] [0x80074e20 FWX_E_GRACEFUL_SHUTDOWN]


=============================================================================================================================================================================
Log Time Client IP Destination IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client Username Source Network Destination Network URL Server Name Log Record Type
10/1/2008 14:47 172.18.57.10 172.18.63.47 8080 HTTP Proxy Initiated Connection 0x0 ERROR_SUCCESS Internal Local Host - SBHCP1ISA02 Firewall
10/1/2008 14:45 172.18.57.10 172.18.63.47 443 SSL-tunnel Allowed Connection Aol Test 407 anonymous Internal External kdc.uas.aol.com:443 SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.63.47 443 SSL-tunnel Allowed Connection Aol Test 407 anonymous Internal External kdc.uas.aol.com:443 SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 HTTP Proxy Closed Connection 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN Internal Local Host - SBHCP1ISA02 Firewall
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 HTTP Proxy Closed Connection 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN Internal Local Host - SBHCP1ISA02 Firewall
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 HTTP Proxy Initiated Connection 0x0 ERROR_SUCCESS Internal Local Host - SBHCP1ISA02 Firewall
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 HTTP Proxy Initiated Connection 0x0 ERROR_SUCCESS Internal Local Host - SBHCP1ISA02 Firewall
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 HTTP Proxy Closed Connection 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN Internal Local Host - SBHCP1ISA02 Firewall
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 HTTP Proxy Initiated Connection 0x0 ERROR_SUCCESS Internal Local Host - SBHCP1ISA02 Firewall
10/1/2008 14:47 172.18.57.10 172.18.63.47 8080 http Denied Connection Aol Test 12209 anonymous Internal External http://aoldiag.aol.com:80/spiral-bin/Collector.dll SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.16.7 8090 http Allowed Connection Aol Test 403 satyambpo\aksb1865 Internal External http://64.12.163.147/monitor?sid=400ca393d2121278fcfb00019345e01f SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 http Failed Connection Attempt Aol Test 5 anonymous Internal External http://64.12.163.147/monitor?sid=400ca393d2121278fcfb00019345e01f SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.16.7 8090 http Allowed Connection Aol Test 403 satyambpo\aksb1865 Internal External http://64.12.163.147/data?sid=400ca393d2121278fcfb00019345e01f&seq=1 SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 http Denied Connection Aol Test 12209 anonymous Internal External http://64.12.163.147/monitor?sid=400ca393d2121278fcfb00019345e01f SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.16.7 8090 http Allowed Connection Aol Test 200 satyambpo\aksb1865 Internal External http://aimhttp.oscar.aol.com/hello SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 http Failed Connection Attempt Aol Test 5 anonymous Internal External http://aimhttp.oscar.aol.com/hello SBHCP1ISA02 Web Proxy Filter
10/1/2008 14:45 172.18.57.10 172.18.63.47 8080 http Denied Connection Aol Test 12209 anonymous Internal External http://aimhttp.oscar.aol.com/hello SBHCP1ISA02 Web Proxy Filter
========================================================================================================================================================================

  


 
 
Question number 1.
I am assuming that you are using user filtering by defining the users in the rule that allows external traffic.
The abortive shutdown is caused if the connection between the client and server (AIM) is closed with a reset, either by the client or the server.
Please copy and paste the complete logging to see how the request is denied on ISA; these two result codes alone could point to multiple issues. Just guessing: the times when you are able to connect may be when you are using the firewall client on the system where you have AIM messenger installed, or only one server address is in your whitelist, as you said you follow a block-all-and-allow-only-a-few strategy, so when DNS resolves to that address or AIM tries to connect to that range it works, else it fails.
 
>>>>>
[Ashwini] As I mention below

dheeraj katarya

Oct 3, 2008, 12:59:12 PM
to all...@googlegroups.com
Hi Ashwani,
What I would recommend here is to download the ISA BPA tool and install it on the ISA server,
then run the ISA Data Packager from it and run the tool in basic repro mode.
While the tool is running, try to reconnect the clients.
The file will be saved on the desktop.
 
 
Send that file and
you will get the answer.
 
Secondly, in your trace I see that most requests are anonymous.
Are you using web proxy or SecureNAT clients?
I see you are using web proxy settings.
 
Did you add the proxy server details to AIM messenger?
 
 
Dheeraj Katarya
B.E.(mech), MCP,M.C.S.A ,
M.C.S.E. MCT 2006,MCTS(BDD, CONF)
MCTS Windows 2008 AD, Network Infra, and application management.
MCITP (enterprise) & (Consumer)
Cert. Eth. HACKER (CEH)
Hacking forensics investigator, Certified EC Council Instructor.
CISSP.
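
Added example, not part of the original thread: a short Python tally of Web Proxy Filter rows by client user name, listing destinations that were only ever requested anonymously and answered with 407 or 12209. The tab-separated sample is constructed from rows in the trace posted above, with reduced columns and a placeholder user name `EXAMPLE\user1`; the function names are illustrative.

```python
import csv
import io

# Constructed sample modelled on the Web Proxy Filter rows in the trace above.
# Columns are reduced and the user name is a placeholder.
SAMPLE_LOG = """\
Log Time\tAction\tRule\tHTTP Status Code\tClient Username\tURL
10/1/2008 14:45\tDenied Connection\tAol Test\t12209\tanonymous\thttp://aimhttp.oscar.aol.com/hello
10/1/2008 14:45\tFailed Connection Attempt\tAol Test\t5\tanonymous\thttp://aimhttp.oscar.aol.com/hello
10/1/2008 14:45\tAllowed Connection\tAol Test\t200\tEXAMPLE\\user1\thttp://aimhttp.oscar.aol.com/hello
10/1/2008 14:45\tAllowed Connection\tAol Test\t407\tanonymous\tkdc.uas.aol.com:443
10/1/2008 14:47\tDenied Connection\tAol Test\t12209\tanonymous\thttp://aoldiag.aol.com:80/spiral-bin/Collector.dll
"""

# 407 is HTTP "Proxy Authentication Required"; 12209 is the status ISA logs
# when it requires authorization before fulfilling a request.
AUTH_REQUIRED = {"407", "12209"}


def parse_log(text):
    """Parse a tab-separated ISA log export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def is_anonymous(row):
    return row["Client Username"].strip().lower() == "anonymous"


def anonymous_share(rows):
    """Fraction of requests that arrived without credentials."""
    return sum(1 for r in rows if is_anonymous(r)) / len(rows)


def never_authenticated(rows):
    """URLs challenged for credentials that no authenticated request followed up."""
    challenged, authed = set(), set()
    for r in rows:
        if is_anonymous(r):
            if r["HTTP Status Code"] in AUTH_REQUIRED:
                challenged.add(r["URL"])
        else:
            authed.add(r["URL"])
    return sorted(challenged - authed)


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print(f"anonymous share: {anonymous_share(rows):.0%}")
    for url in never_authenticated(rows):
        print("challenged, never retried with credentials:", url)
```

Destinations in the second list are the ones where the client did not answer the proxy's authentication challenge, which a rule restricted to named users will not allow.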



ashwini kumar

Oct 5, 2008, 9:39:27 AM
to all...@googlegroups.com
Hey Dheeraj,
 
Yes! I'm using web proxy and I added the same in AIM.
 
The other task I will be doing in the coming week, and I will let you know about the result along with details.
 
Thanks for the heads up !
 
Ashwini
