ISA 2004

Can anyone help me? I have installed ISA 2004 at work and although the users can access their email from an outside connection they cannot send or receive emails. I have Exchange 2003 installed and used to run ISA 2000 without any problems.

Comments

  • LukeQuake Member Posts: 579
    Hey Billy,

    Please talk us through your setup there / how is the network configured?

    When you say "from an outside connection they cannot send or receive email" do you mean via POP? Are your users connecting via RPC over HTTP?

    Regards,

    Luke
    Microsoft Certifications: MCITP:EA, MCSE:S, MCSA:M, MCDST, MCTS: Vista Config, MCITP: Ent Support
    Citrix Certifications: CCA XenApp 4.5/5.0 and XenServer 5.0
    Other: Marathon Certified Consultant (HA, FT and VM), ISEB InfoSec Management Principles and Security+
    Working on: CISSP and Check Team Member
  • billybob01 Member Posts: 504
    The users are able to send each other emails internally, but they cannot send emails to outside addresses. I tried to send an email to work but I am not receiving the email. I have followed the procedures in the ISA book but to no avail. It's as if all SMTP protocols are being blocked even though I have set up the access rules according to the book.
  • LukeQuake Member Posts: 579
    Have you checked the logs? It would appear that the connections are still being denied? Use the "Reporting" feature and track traffic from your Exchange server to the External network. Look for anything that says "Denied Connection".

    Also, try moving your SMTP access rule to the top of the list. With ISA Server 2004, rules are evaluated in the order they appear on the access rule list. For example, say you have:

    Access rule 1. Allow all protocols from Internal to External for all users
    Access rule 2. Allow only HTTP, HTTPS and FTP from Internal to External for all users.

    The 1st rule would take priority and be evaluated first, therefore all of your users would be able to send traffic on all protocols to the external network (the restriction, rule 2, would never take effect).

    You could also try allowing all internal to external (temporarily) to see if that allows connectivity to the outside world via SMTP. This would then outline whether the issue is with ISA or with your Exchange server.

    Let us know how you get on!

    Also, check that there isn't a route relationship set up between your Exchange box and the external network. If this is the case (unless your Exchange box has an IP which is routable on the internet) the private address will just be dropped by your ISP's gateway.

    Luke
  • sprkymrk Member Posts: 4,884
    Did you change IP addresses and forget to update the MX records with your ISP?
    All things are possible, only believe.
  • LukeQuake Member Posts: 579
    sprkymrk wrote:
    Did you change IP addresses and forget to update the MX records with your ISP?

    If that were the case he would still be able to send mail, just not receive.
  • sprkymrk Member Posts: 4,884
    LukeQuake wrote:
    sprkymrk wrote:
    Did you change IP addresses and forget to update the MX records with your ISP?

    If that were the case he would still be able to send mail, just not receive.

    Unless the receiving end is using sender domain checks (reverse lookups) to filter for spam.
  • billybob01 Member Posts: 504
    OK, I have set up a filter to check SMTP and you're right LukeQuake, I am seeing denied connections. But I am new to ISA 2004 and do not know how to read the filter. What am I looking for here? I mean, I know SMTP is being denied, but where do I go from here?

    The SMTP publishing rule is No1 and I have an Outbound SMTP rule set up as Internal to External - All Users as No2.
  • sprkymrk Member Posts: 4,884
    billybob01 wrote:
    OK, I have set up a filter to check SMTP and you're right LukeQuake, I am seeing denied connections. But I am new to ISA 2004 and do not know how to read the filter. What am I looking for here? I mean, I know SMTP is being denied, but where do I go from here?

    The SMTP publishing rule is No1 and I have an Outbound SMTP rule set up as Internal to External - All Users as No2.

    You should have another rule for inbound SMTP connections to your mail server, external to internal.
  • billybob01 Member Posts: 504
    Tried that but still no joy.
  • billybob01 Member Posts: 504
    I have noticed though that when I enable the All access we can send and receive email, but when the All access rule is disabled we are unable to send mail but we can receive mail.
  • sprkymrk Member Posts: 4,884
    billybob01 wrote:
    I have noticed though that when I enable the All access we can send and receive email, but when the All access rule is disabled we are unable to send mail but we can receive mail.

    Just to clarify in case I misunderstood - your users can receive email from anyone, internal or external?

    They can send email to each other internally but not to external recipients?

    If those are true, then do you have an outbound rule that allows the Exchange Server to send email via SMTP outbound to everyone? I ask because you mentioned a rule allowing "All Users", but I wonder if that includes your Exchange Server itself.
  • billybob01 Member Posts: 504
    "then do you have an outbound rule that allows the Exchange Server to send email via SMTP outbound to everyone?"

    I have a SMTP Server Publishing rule:
    Action=Allow Traffic=SMTP Server From=Anywhere To=10.10.x.x Networks=External.


    We also have an External Access to ISA DNS server Publishing rule and an Internal DNS to ISA forwarder Access rule. I have tested DNS from the SMTP Server and all is fine.
  • sprkymrk Member Posts: 4,884
    billybob01 wrote:
    "then do you have an outbound rule that allows the Exchange Server to send email via SMTP outbound to everyone?"

    I have a SMTP Server Publishing rule:
    Action=Allow Traffic=SMTP Server From=Anywhere To=10.10.x.x Networks=External.

    Am I reading it wrong, or should that be reversed to read:

    Action=Allow Traffic=SMTP Server From=10.10.x.x To=Anywhere Networks=External

    in order to allow outbound email?
  • billybob01 Member Posts: 504
    You may be right Spymark, I will try that when I go back to work and I'll let you know.
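
The rule-ordering point and the publishing-rule direction question raised in this thread can be modeled with a small first-match evaluator. This is an added example, not part of any post and not ISA Server's own engine; the rule names, the "Internal"/"External"/"Exchange" labels and the final default deny are assumptions of this simplified model.

```python
from dataclasses import dataclass

ANY = "*"

@dataclass
class Rule:
    name: str
    action: str        # "allow" or "deny"
    protocols: set     # protocol names, or {"*"} for all protocols
    src: str           # source label (hypothetical network/computer object)
    dst: str           # destination label

    def matches(self, proto, src, dst):
        return ((ANY in self.protocols or proto in self.protocols)
                and self.src in (ANY, src) and self.dst in (ANY, dst))

    def covers(self, other):
        """True if every connection `other` matches is also matched by self."""
        return ((ANY in self.protocols or other.protocols <= self.protocols)
                and self.src in (ANY, other.src)
                and self.dst in (ANY, other.dst))

def evaluate(rules, proto, src, dst):
    """First matching rule decides; anything unmatched hits the final deny."""
    for rule in rules:
        if rule.matches(proto, src, dst):
            return rule.action, rule.name
    return "deny", "Default rule"

def shadowed(rules):
    """List (later, earlier) pairs where an earlier rule makes a later one dead."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed rule sets. LUKE mirrors the two-rule ordering example in the thread.
LUKE = [Rule("Allow all", "allow", {ANY}, "Internal", "External"),
        Rule("Web only", "allow", {"HTTP", "HTTPS", "FTP"}, "Internal", "External")]
# THREAD holds only the publishing rule as posted: inbound SMTP to the mail server.
THREAD = [Rule("SMTP publishing", "allow", {"SMTP"}, "External", "Exchange")]
# The reversed direction suggested in the last reply, as a separate outbound rule.
OUTBOUND = Rule("Exchange outbound SMTP", "allow", {"SMTP"}, "Exchange", "External")

if __name__ == "__main__":
    print(shadowed(LUKE))
    print(evaluate(THREAD, "SMTP", "External", "Exchange"))
    print(evaluate(THREAD, "SMTP", "Exchange", "External"))
    print(evaluate(THREAD + [OUTBOUND], "SMTP", "Exchange", "External"))
```

In this model the publishing rule alone reproduces the "can receive but cannot send" symptom, because the outbound connection matches nothing and falls through to the deny.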