Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Firewall clients cannot connect to external locations by using a Winsock program through an upstream computer that is running ISA Server 2004


View products that this article applies to.

For a Microsoft Internet Security and Acceleration Server 2000 version of this article, see 275234 (http://support.microsoft.com/kb/275234/).
For a Microsoft Internet Security and Acceleration Server 2000 version of this article, see 275234 (http://support.microsoft.com/kb/275234/).

↑ Back to the top


Symptoms

Computers that are running the Microsoft Firewall Client program can access external Web sites by using a Web browser program. However, they cannot connect to external locations by using other Winsock programs.

↑ Back to the top


Cause

This issue may occur if all the following conditions are true:
The client computers access the Internet through chained Microsoft Internet Security and Acceleration (ISA) Server computers.
All Internet access for the client computers is provided by the upstream ISA Server computer.
No direct connection exists between the client computers and the upstream ISA Server computer that provides Internet access.
This issue occurs if only the routing rules have been configured between the ISA Server computers. You must configure firewall service chaining (Winsock proxy chaining) and specify the upstream server.

↑ Back to the top


Resolution

To resolve this issue, configure firewall service chaining (Winsock proxy chaining) between the ISA Server computers. To do this, follow these steps:
1.Start the ISA Server Management tool, and then connect to the downstream ISA Server computer if you are not already connected to it.
2.Expand ServerName, where ServerName is the name of your ISA Server computer.
3.Expand Configuration, and then click General.
4.On the General tab, click Configure Firewall Chaining.
5.Configure the firewall chaining information, and then click OK.

Note For additional information about each of the items in the Firewall Chaining dialog box, search on "Configure firewall chaining" in ISA Server 2004 Help.
6.Click Apply to save your changes and to update the firewall policy, and then click OK.

↑ Back to the top


More information

The firewall chaining functionality configures the ISA Server computer to behave as a firewall client to the upstream ISA Server computer. In ISA Server, routing rules and all the configuration settings apply only to Web browser proxy requests. You must also configure firewall service chaining and specify the upstream ISA Server computer.

↑ Back to the top


Keywords: KB837575, kbprb, kbenv, kbfirewall

↑ Back to the top

Article Info
Article ID : 837575
Revision : 2
Created on : 7/16/2004
Published on : 7/16/2004
Exists online : False
Views : 440