Professional Documents
Culture Documents
New Member
I need some help with ISA 2004 + Publishing OWA. I
have a follow all the document from ISAServer.org and
other articles on the web. Here is the scenario
Posts: 5
Joined:
28.Mar.2008 Network diagram:
Status: offline
[ DMZ]
Internet <---> CISCO PIX <---> NIC-2<---->
ISA2004<---->NIC1<--->LAN
10.32.4.1 10.32.6.50
10.32.4.10
10.32.6.1
This error means that Remote Execute could not establish connection to the remote
machine.
It is possible that the remote machine is not running and/or connected to the network.
This error could also be caused by mistyping the remote computer name or address
First verify that the remote machine name/address is indeed valid/correct
(You can try to ping it by choosing “Ping Client” from the Client/Command menu).
If the remote machine name/address is incorrect please change it by editing the client
settings and retry to connect.
Close
Sign in
United States (English)
Australia (English)Brasil (Português)Česká republika (Čeština)Danmark (Dansk)Deutschland (Deutsch)España
(Español)France (Français)Indonesia (Bahasa)Italia (Italiano)România (Română)Türkiye (Türkçe)Россия (Русский)
(日本語)香港特別行政區 (中文)
HomeLibraryLearnDownloadsTroubleshootingCommunityForums
SQL Server Developer Center > SQL Server Forums > SQL Service Broker > Connection
attempt failed with error: 10060
Ask a question
Principio del formulario
Search SQL
Search Forums:
• Search SQL Service Broker Forum
• Search All SQL Server Forums
• Search All MSDN Forums
Forum sqlservicebroker Forum sqlservicebroker
Sign In to Vote
I used the example "Completing a Conversation Between Instances" from SQL Server 2008 Books
Online, but when I try to send a message, it does not go through, and in
sys.transmission_queue.transmission_status I see the above error.
○ Reply
○ Quote
Answers
Sign In to Vote
This is a socket timeout error. Make sure that the target machine listens on the specified TCP
port (e.g. Sql Server TCP Provider is enabled) and there are no firewalls on the way blocking
broker connections. Since this is not a broker-specific issue, so it may be easier to just use telnet
for troubleshooting. Open a shell on the initiator machine and try to execute the following
command.
Code Snippet
telnet.exe target-machine target-broker-port
○ Reply
○ Quote
0
Sign In to Vote
rdoronr wrote:
It means that when going over the network, Broker will use machine
credentials. Both machines need to be in the same domain (or in
domains with trusted relationship). Let's say the domain is MyDomain,
and the machine names are InitiatorMachine and TargetMachine. You
need to execute the following statements to make connectivity
between server instances possible (again, right now we're talking
about the transport/network level connectivity only).
On the InitiatorMachine:
Code Snippet
GRANT CONNECT ON ENDPOINT::InstInitiatorEndpoint TO
[MyDomain\TargetMachine$]
Code Snippet
○ Reply
○ Quote
All Replies
Sign In to Vote
This is a socket timeout error. Make sure that the target machine listens on the specified TCP
port (e.g. Sql Server TCP Provider is enabled) and there are no firewalls on the way blocking
broker connections. Since this is not a broker-specific issue, so it may be easier to just use telnet
for troubleshooting. Open a shell on the initiator machine and try to execute the following
command.
Code Snippet
telnet.exe target-machine target-broker-port
○ Reply
○ Quote
0
Sign In to Vote
On target side:
An error occurred while receiving data: 10054
Any ideas?
○ Reply
○ Quote
Sign In to Vote
Looks like transport authentication problem. Please provide the
commands you used to create broker endpoints, commands used to
grant connect permissions on the endpoints, and service accounts that
both your Sql Server instances run as.
○ Reply
○ Quote
Sign In to Vote
On initiator side:
Code Snippet
USE master;
GO
USE InstInitiatorDB;
GO
Code Snippet
USE master;
GO
Thanks
○ Reply
○ Quote
Sign In to Vote
You are forcing Sql Server to use Kerberos to authenticate each other.
For that to work, you would need to manually set SPNs for broker
ports. I doubt you're doing it, so instead I would suggest to use
(AUTHENTICATION = WINDOWS) endpoint option, so that it may fall
back to NTLM in case Kerberos authentication is impossible.
The second thing is that I don't see granting connect permission on the
endpoints you created. Connect permission is necessary for one Sql
Server instance to connect to the other. Don't confuse this with dialog
security (for which you're using certificates). This is something
completelly different, happening on the server level rather than
database level.
Code Snippet
GRANT CONNECT ON ENDPOINT::InstTargetEndpoint TO
[MyDomain\MyUser]
...and vice-versa.
Code Snippet
GRANT CONNECT ON ENDPOINT::InstTargetEndpoint TO
[MyDomain\InitiatorHost$]
...and vice-versa.
○ Reply
○ Quote
Sign In to Vote
Thank you, Pawel, for your willingness to help. I really appreciate it.
You are forcing Sql Server to use Kerberos to authenticate each other. For
that to work, you would need to manually set SPNs for broker ports. I
doubt you're doing it, so instead I would suggest to use (AUTHENTICATION
= WINDOWS) endpoint option, so that it may fall back to NTLM in case
Kerberos authentication is impossible.
The second thing is that I don't see granting connect permission on the
endpoints you created. Connect permission is necessary for one Sql
Server instance to connect to the other. Don't confuse this with dialog
security (for which you're using certificates). This is something
completelly different, happening on the server level rather than database
level.
Code Snippet
GRANT CONNECT ON ENDPOINT::InstTargetEndpoint TO
[MyDomain\MyUser]
I tried that too, but I got error message saying:
Code Snippet
GRANT CONNECT ON ENDPOINT::InstTargetEndpoint TO [MyDomain\MyUser$]
(added the $) and this completed successfully, but only after I also did
Code Snippet
CREATE LOGIN [MyDomain\MyUser$] FROM WINDOWS
I get the same errors on the target like before, and on the initiator I get now in the
profiler:
This message could not be delivered because the security context could not be
retrieved.
○ Reply
○ Quote
Sign In to Vote
OK, I think you've gone too far. Let's back up a little. Please let me
know the service accounts of both your instances. You can find them
by running Sql Server Configuration Manager on both machines and
checking the "Log On As" column. Once you know the service
accounts, that will determine what permissions need to be granted on
your endpoint.
Please note that I didn't review the steps you used for certificate
setup, so I'm not saying it's correct. However I've seen that you
deviated from the published tutorial (e.g. by adding [KERBEROS] to the
endpoint creation options). What I would recommend is to follow the
tutorial closely, and only after it starts working adjust the setup to your
needs. That way you will now which change to the default setup
caused problems (i.e. adding [KERBEROS]).
Btw. the dollar sign after an account name means that this is a
machine account rather than user account, so there is really no point
in trying to add '$' after MyDomain\MyUser. It won't make it work.
Good luck!
○ Reply
○ Quote
Sign In to Vote
○ Reply
○ Quote
Sign In to Vote
rdoronr wrote:
It means that when going over the network, Broker will use machine
credentials. Both machines need to be in the same domain (or in
domains with trusted relationship). Let's say the domain is MyDomain,
and the machine names are InitiatorMachine and TargetMachine. You
need to execute the following statements to make connectivity
between server instances possible (again, right now we're talking
about the transport/network level connectivity only).
On the InitiatorMachine:
Code Snippet
GRANT CONNECT ON ENDPOINT::InstInitiatorEndpoint TO
[MyDomain\TargetMachine$]
Code Snippet
○ Reply
○ Quote
Sign In to Vote
Pawel,
They are missing from the tutorial example, and initially, when the
tutorial had not worked for me - I tried to add all sorts of "solutions"
proposed for similar situations on the web, some of which probably
only made things worse.
What I did now was to clean up everything, then run the tutorial again
from scratch, but adding the above commands to the respective sides.
There is still one oddity, though: while the profiler does not show
anything on the target side, the profiler on the initiator side still
displays messages:
Are these some remnants from before that require some sort of
additional cleanup?
Thanks again.
○ Reply
○ Quote
0
Sign In to Vote
rdoronr wrote:
There is still one oddity, though: while the profiler does not show anything
on the target side, the profiler on the initiator side still displays messages:
The second one, however, is a sign of something bad going on. But
this is dialog security issue (as opposed to transport security, which we
have just successfully sorted out), so for the sake of clarity I would
suggest you to open another topic on the forum for the new issue,
because they are completely unrelated. But first make sure that it isn't
something obvious by looking at Audit Broker Conversation profiler
event from the Security Audit group. It should provide more
information on why the security context cannot be retrieved.
○ Reply
○ Quote
Sign In to Vote
Once I re-started SQL Server Management Studio and the Profiler - all
these messages ceased to appear, and even after exchanging
messages between the sides - there are no more error messages
anywhere.
Thanks
○ Reply
○ Quote
= Unanswered = Answered
0 0
Project Cool
An ASP.NET Blog
Enviar
<< Update to my post on SQL Azure Migration Wizard | Home | IIS Tools - truck load of them at www.iis.net
>>
Resolving the “TCP error code 10060: A connection attempt failed…” while
consuming a web service
Recently, one of the queries I had was on “TCP error code 10060: A connection attempt
failed because the connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond” while
consuming a web service over proxy settings. Setting the UseDefaultWebProxy to true
didn’t help with this error.
I had earlier written a post on explicitly setting the proxy in the configuration file for
Web Services. The scenario here though was, a WCF Service Client trying to consume
the web service.
However, the same work around proved helpful. After setting the proxy explicitly, the
web service could be consumed by the WCF Client.
The proxy setting that you want to add to the config file is as below:-
<system.net>
<defaultProxy>
<proxy
usesystemdefault = "false"
proxyaddress="http://address:port"
bypassonlocal="false"
/>
</defaultProxy>
</system.net>
This would go within the <configuration> </configuration> tags. You can read the
post written earlier at
http://geekswithblogs.net/ranganh/archive/2005/08/29/51474.aspx
Cheers !!!
Print
Comments on this entry:
Cheers for that.. I'm not hugely confident with that stuff so thatl help
Давно искал как это делается, буду чаще заходить на Ваш блог.
# Christian Louboutin
Left by liran313315715 at 3/15/2010 1:53 PM
Welcome to Christian Louboutin , the world’s premier luxury brand of authentic boots, shoes and
slippers.
We guarantee you’ll want to get naked in your Christian Louboutin Shoes ! Christian Louboutin
uses only the highest-grade material available.Our Louboutin UK is now available in stylish new
colors and patterns that will add life to your wardrobe.
Our company carry on various Christian,inc Christian Shoes and Louboutin.
<p>I like the side of the article, and very like your blog, to write well and hope to continue your
efforts, we can see more of your articles.Christian Louboutin shoes. Recommend you to take a
look at it, is now being discounted, Christian Louboutin Fall-Winter Collection in hot! </p>
welcome to our online shop ,we will give you the best .
http://www.christianlouboutinolshop.com
It was a very nice idea! Just wanna say thank you for the information you have shared.
After setting the proxy explicitly, the web service could be consumed by the WCF Client.
GHD straighteners
cheap christian louboutin shoes
http://www.onsale-ghd.com
http://www.mychristianlouboutinshoes.com
Its always good to learn tips like you share for blog posting. As I just started posting comments
for blog and facing problem of lots of rejections. I think your suggestion would be helpful for me. I
will let you know if its work for me too. Thank you for sharing this beautiful articles. keep going,
best of luck
Choose - tour to 4 star Florence hotels, 4 star hotel in Rome, 4 star hotels in Venice.Luxury
cruises.Get air line ticket voucher now.
Shoes are not only made with fashion in mind; they are also made to be comfortable.
cheapsexyshoes
I found this post while searching google. Quite surprising too, since google usually displays
relatively old results but this one is very recent! Anyway, very informative, especially since this is
not something many people tend to write something good about. any words i like puma shoes
Take care…
Hello everyone.
In our online shop, you can purchase different designer mbt shoes, and we offer the commodities
are high in quality and reasonable at price now.
These are our mbt shoes on sale.
Shop's homepage www.mbtshoeshop-online.com
[URL=http://www.mbtshoeshop-online.com]mbt shoes[/URL]
<a href=\"http://www.mbtshoeshop-online.com\">mbt men
I got a good definition for TCP error code 10060: A connection attempt failed because the
connected party did not properly respond after a period of time, or established connection failed
because connected host has failed to respond. Cheers
s o what can i do
Welcome to Moncler Jackets online shop.The 2010 latest and most fashionable Jackets,save up to
60% off. 7 days delivery to worldwide with free shipping.
Our aim is to provide customers high-quality products and excellent after-sales service.
We launched the 2010 latest and most fashionable True Religion jeans on our shop, you are
welcome to patronize.Here are many discounts for you.
Our aim is to provide high-quality products and excellent after-sales service.
I Googled this error & found your site. It has been very helpful, not only for this error, but other
issues.
# discount watches
Left by snzdheh@yahoo.com at 5/6/2010 2:08 PM
The new high can browse your article
Another reason that I would regard joining a political party to be such a valuable thing is that
dramatically positive and liberating experience.
You write some very informative blogs. I always check back here often to see if you have
updated.
It's a great pleasure for me to say that you have been more than impressive, just keep this
impression like this for years to come.
Chris Harris
Freestyle Medela
<p>Thank you for your sharing. Supposed to attack these head-on and you will find a deep
sense of gratification thatwill fuel your happiness. Maybe you are also interested in Christian
Louboutin shoes. I'm just hearing the curiosity behind it.
Thanks for solving this - I'm never quite sure what to do with these kind of errors. Cheers, Dan
what can i do
nice!!
i like it!
http://finechristianlouboutin.com/
our finechristianlouboutin.com sell well-designed christian shoes, whichever style of shoes you"re
looking for, classical, fashionable,lovely or the latest design, you can find your favorite christian
louboutin shoes here. you may find it amazing in their looks if it"s the first time for you to see
them. we promise, you"ll love them.
Thanks for solving this - I'm never quite sure what to do with these kind of errors. James
I liked it very much. PLease keep sharing this type of blogs in the future also.
Resolving the error is an enigma for me still. Even after reading this post I can not do anything
with it. The errors are consuming my time a lot.
# air purifiers
Left by m tomas at 10/2/2010 6:47 AM
Before you buy any smaller hepa filter air purifier you need to read up on its filter. How often
does it have to be changed and how much does each one cost?
i am using proxifier to bypass the proxy settings of my college. i am getting this message when i
try to connect. what should i do?
I am just new to your blog and just spent about 1 hour and 30 minutes lurking and reading. I
think I will frequent your blog from now on after going through some of your posts. I will
definitely learn a lot from them.Wedding dress
Bridal Gowns
Your comment:
Title:
re: Resolving t
Remember Me?
DqPYtRsoD7I7Gd
enter the correct word
Comment Reset
« February »
Su Mo Tu We Th
Fri Sat
n n e d u
30 31 1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 1 2 3 4 5
6 7 8 9 10 11 12
ASP.NET
Promote Your Page Too
About
• Contact
• Login
ranganh VTD WebMatrix session by Harish rocks #vtd about 2 days ago
ranganh URL for attending VTD www.virtualtechdays.com #vtd about 4 days ago
ranganh Virtual TechDays 2011 happening right now #vtd about 4 days ago
ranganh HTML5 and Visual Studio 2010 http://tinyu...s2010 about 6 days ago
ranganh Microosft adds H.264 support to Google Chrome http://tinyu...zr @doctypehtml5 about 10 days ago
ranganh Microsoft adds H.264 support to Google Chrome http://tinyu...7zr #doctypehtml5 about 10 days ago
ranganh @roopesh_reddy roopesh, webcamps last city would be Kochi. Will let you know when the next round of webcamps happen about
11 days ago
ranganh Mobile device detection and redirection for ASP.NET applications http://51deg....com/ about 12 days ago
ranganh @tweetsmilu .NET 4.0 came along with Visual Studio 2010. Are you looking for something specific? about 17 days ago
Archives
Post Categories
• ASP.NET
• Windows Vista
• Visual Studio
• Events
• Silverlight
• Windows Live
• Windows XP
• Microsoft Office
• Video
• Windows Azure
• Internet Explorer
• Web Development
• Microsoft Expression
• Windows 7
• SQL Server
• Entity Framework
• WebMatrix
• Razor
• Personal
• Microsoft
• Internet Explorer
• Windows Mobile
• HTML5
Blogs I read
• Lakshmi
• Pandurang Nayak
• Scott Guthrie
• Somasegar
• Vinod Kumar
Syndication:
RSS ATOM
© Harish Ranganathan
Theme by PiyoDesign. Valid XHTML & CSS.
When you are programming in php within windows os and you received HTTP ERROR: Couldn't
open socket connection to server. Error (10060): A connection attempt failed because the
connected party did not properly respond after a period of time, or established connection failed
because connected host has failed to respond.
The Reason and solution for socket error 10060 and solution is
given bellow
A.Windows firewall blocking connection:
For Example For PHP it is 8080 or 80 port number and for mail service
it is port 25 .
Do the same procedure for the outbound Rules.
B.Your DNS Name is not resolved properly.
If Your DNS name is not resolved properlly then this error might
occure.In case of local host If Your localhost is not Resolved properlly
then you can try 127.0.0.1 this might work for you. example:
http://127.0.0.1:80/webservice/nusoap/server/server.php?wsdl
C. Your Script might not properlly response because of Timeout of socket connection.
Newsgrupos.com > Forum > Principio del formulario
Newsgroup Nombre de Usuario N o m b re d e
microsoft.public.es.* 1 Foro > ¿Recordarme?
Newsgroup Contraseña In ic iaSer s ió n
microsoft.public.es.isaserver
8ee95f55ef0b745 login
tunel entre empresas
- no llego a webserver
Final del formulario
Ir
Búsqueda Avanzada
Ir a la Página...
Principio del formulario
Página 1 de
12>
2
#1
04-09-2008, 16:42:55
gracias.
alejo.
Today
This advertising will not be shown
in this way to registered members.
Advertising Register your free account today
Google Adsense and become a member on
Newsgrupos.com
Sponsored Links
#2
04-09-2008, 17:13:47
El niño santo de Emaus Mensajes: n/a
Re: tunel entre empresas - no llego a webserver
Hola Alejo. ¿El túnel es de tipo IPSec?
Saludos
// Raúl
--
Check my blog at http://edgesecurity.blogspot.com
---------------------------------------------------------------------------------
"Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
news:ulXaK1qDJHA.3636***TK2MSFTNGP02.phx.gbl...
> tenemos que ingresar a unos server web de la otra red conectada por un
> tunel. usamos PROXY para navegar y puse exclusiones del rango ip que tiene
> la otra red. igualmente sigo sin poder conectarme.
>
> este mensaje aparece todo el tiempo.
>
> Log type: Web Proxy (Forward)
> Status: 10060 A connection attempt failed because the connected party did
> not properly respond after a period of time, or established connection
> failed because connected host has failed to respond.
>
> Closed Connection Server1 9/4/2008 12:38:45 PM
> Log type: Firewall service
> Status: A connection was gracefully closed in an orderly shutdown process
> with a three-way FIN-initiated handshake.
> Rule:
> Source: Local Host ( 190.2.xxx.yyy:15631)
> Destination: VPN - RED2--RED1 ( 10.aaa.0.ccc:80)
> Protocol: HTTP
>
> lo que observo tambien es que intenta salir por la IP publica el
> requerimiento y no por tunel VPN
>
> espero se haya entendido.
>
> gracias.
>
> alejo.
#3
04-09-2008, 17:13:47
El niño santo de Emaus Mensajes: n/a
Re: tunel entre empresas - no llego a webserver
Hola Alejo. ¿El túnel es de tipo IPSec?
Saludos
// Raúl
--
Check my blog at http://edgesecurity.blogspot.com
---------------------------------------------------------------------------------
"Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
news:ulXaK1qDJHA.3636***TK2MSFTNGP02.phx.gbl...
> tenemos que ingresar a unos server web de la otra red conectada por un
> tunel. usamos PROXY para navegar y puse exclusiones del rango ip que tiene
> la otra red. igualmente sigo sin poder conectarme.
>
> este mensaje aparece todo el tiempo.
>
> Log type: Web Proxy (Forward)
> Status: 10060 A connection attempt failed because the connected party did
> not properly respond after a period of time, or established connection
> failed because connected host has failed to respond.
>
> Closed Connection Server1 9/4/2008 12:38:45 PM
> Log type: Firewall service
> Status: A connection was gracefully closed in an orderly shutdown process
> with a three-way FIN-initiated handshake.
> Rule:
> Source: Local Host ( 190.2.xxx.yyy:15631)
> Destination: VPN - RED2--RED1 ( 10.aaa.0.ccc:80)
> Protocol: HTTP
>
> lo que observo tambien es que intenta salir por la IP publica el
> requerimiento y no por tunel VPN
>
> espero se haya entendido.
>
> gracias.
>
> alejo.
#4
04-09-2008, 22:47:34
Alejo [CAP] Mensajes: n/a
Re: tunel entre empresas - no llego a webserver
si, de un lado isa 2004 sp3/win2003sp2 y del otro Cisco ASA
gracias
#5
04-09-2008, 22:47:34
Alejo [CAP] Mensajes: n/a
Re: tunel entre empresas - no llego a webserver
si, de un lado isa 2004 sp3/win2003sp2 y del otro Cisco ASA
gracias
Espero que funcione. Si es así te explico porqué creo que te está pasando
Saludos
// Raúl
--
Check my blog at http://edgesecurity.blogspot.com
---------------------------------------------------------------------------------
"Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
news:Osxr6AuDJHA.4104***TK2MSFTNGP05.phx.gbl...
> si, de un lado isa 2004 sp3/win2003sp2 y del otro Cisco ASA
>
> gracias
>
>
> "El niño santo de Emaus" <rmoros***kabel.es> wrote in message
> news:#N3SWGrDJHA.504***TK2MSFTNGP02.phx.gbl...
>> Hola Alejo. ¿El túnel es de tipo IPSec?
>>
>> Saludos
>>
>> // Raúl
>>
>> --
>> Check my blog at http://edgesecurity.blogspot.com
>>
>> ---------------------------------------------------------------------------------
>> "Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
>> news:ulXaK1qDJHA.3636***TK2MSFTNGP02.phx.gbl...
>>> tenemos que ingresar a unos server web de la otra red conectada por un
>>> tunel. usamos PROXY para navegar y puse exclusiones del rango ip que
>>> tiene la otra red. igualmente sigo sin poder conectarme.
>>>
>>> este mensaje aparece todo el tiempo.
>>>
>>> Log type: Web Proxy (Forward)
>>> Status: 10060 A connection attempt failed because the connected party
>>> did not properly respond after a period of time, or established
>>> connection failed because connected host has failed to respond.
>>>
>>> Closed Connection Server1 9/4/2008 12:38:45 PM
>>> Log type: Firewall service
>>> Status: A connection was gracefully closed in an orderly shutdown
>>> process with a three-way FIN-initiated handshake.
>>> Rule:
>>> Source: Local Host ( 190.2.xxx.yyy:15631)
>>> Destination: VPN - RED2--RED1 ( 10.aaa.0.ccc:80)
>>> Protocol: HTTP
>>>
>>> lo que observo tambien es que intenta salir por la IP publica el
>>> requerimiento y no por tunel VPN
>>>
>>> espero se haya entendido.
>>>
>>> gracias.
>>>
>>> alejo.
>>
>>
#7
05-09-2008, 07:56:26
El niño santo de Emaus Mensajes: n/a
Re: tunel entre empresas - no llego a webserver
Supongo que has definido subredes para la red interna y la remota y has
creado una relación entre redes de Route ¿no?. Si no lo has hecho, te
recomiendo hacerlo. A continuación define un protocolo con el nombre que te
guste que sea de tipo Outbound TCP puerto 80 (sí, lo mismo que HTTP.
Importante, no le asocies ningún filtro). Haz una regla arriba del todo
permitiendo este protocolo entre la red interna y la remota. Justo debajo
haz otra regla denegando HTTP (el estándar) entre la red interna y la
remota.
Espero que funcione. Si es así te explico porqué creo que te está pasando
Saludos
// Raúl
--
Check my blog at http://edgesecurity.blogspot.com
---------------------------------------------------------------------------------
"Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
news:Osxr6AuDJHA.4104***TK2MSFTNGP05.phx.gbl...
> si, de un lado isa 2004 sp3/win2003sp2 y del otro Cisco ASA
>
> gracias
>
>
> "El niño santo de Emaus" <rmoros***kabel.es> wrote in message
> news:#N3SWGrDJHA.504***TK2MSFTNGP02.phx.gbl...
>> Hola Alejo. ¿El túnel es de tipo IPSec?
>>
>> Saludos
>>
>> // Raúl
>>
>> --
>> Check my blog at http://edgesecurity.blogspot.com
>>
>> ---------------------------------------------------------------------------------
>> "Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
>> news:ulXaK1qDJHA.3636***TK2MSFTNGP02.phx.gbl...
>>> tenemos que ingresar a unos server web de la otra red conectada por un
>>> tunel. usamos PROXY para navegar y puse exclusiones del rango ip que
>>> tiene la otra red. igualmente sigo sin poder conectarme.
>>>
>>> este mensaje aparece todo el tiempo.
>>>
>>> Log type: Web Proxy (Forward)
>>> Status: 10060 A connection attempt failed because the connected party
>>> did not properly respond after a period of time, or established
>>> connection failed because connected host has failed to respond.
>>>
>>> Closed Connection Server1 9/4/2008 12:38:45 PM
>>> Log type: Firewall service
>>> Status: A connection was gracefully closed in an orderly shutdown
>>> process with a three-way FIN-initiated handshake.
>>> Rule:
>>> Source: Local Host ( 190.2.xxx.yyy:15631)
>>> Destination: VPN - RED2--RED1 ( 10.aaa.0.ccc:80)
>>> Protocol: HTTP
>>>
>>> lo que observo tambien es que intenta salir por la IP publica el
>>> requerimiento y no por tunel VPN
>>>
>>> espero se haya entendido.
>>>
>>> gracias.
>>>
>>> alejo.
>>
>>
#8
05-09-2008, 07:59:26
El niño santo de Emaus Mensajes: n/a
Re: tunel entre empresas - no llego a webserver
Por cierto, veo que ya conseguiste establecer el túnel. ¿Cuál era el truco?
¿Tenía que ver con el NAT-T como sospechábamos?
// Raúl
--
Check my blog at http://edgesecurity.blogspot.com
---------------------------------------------------------------------------------
"Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
news:Osxr6AuDJHA.4104***TK2MSFTNGP05.phx.gbl...
> si, de un lado isa 2004 sp3/win2003sp2 y del otro Cisco ASA
>
> gracias
>
>
> "El niño santo de Emaus" <rmoros***kabel.es> wrote in message
> news:#N3SWGrDJHA.504***TK2MSFTNGP02.phx.gbl...
>> Hola Alejo. ¿El túnel es de tipo IPSec?
>>
>> Saludos
>>
>> // Raúl
>>
>> --
>> Check my blog at http://edgesecurity.blogspot.com
>>
>> ---------------------------------------------------------------------------------
>> "Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
>> news:ulXaK1qDJHA.3636***TK2MSFTNGP02.phx.gbl...
>>> tenemos que ingresar a unos server web de la otra red conectada por un
>>> tunel. usamos PROXY para navegar y puse exclusiones del rango ip que
>>> tiene la otra red. igualmente sigo sin poder conectarme.
>>>
>>> este mensaje aparece todo el tiempo.
>>>
>>> Log type: Web Proxy (Forward)
>>> Status: 10060 A connection attempt failed because the connected party
>>> did not properly respond after a period of time, or established
>>> connection failed because connected host has failed to respond.
>>>
>>> Closed Connection Server1 9/4/2008 12:38:45 PM
>>> Log type: Firewall service
>>> Status: A connection was gracefully closed in an orderly shutdown
>>> process with a three-way FIN-initiated handshake.
>>> Rule:
>>> Source: Local Host ( 190.2.xxx.yyy:15631)
>>> Destination: VPN - RED2--RED1 ( 10.aaa.0.ccc:80)
>>> Protocol: HTTP
>>>
>>> lo que observo tambien es que intenta salir por la IP publica el
>>> requerimiento y no por tunel VPN
>>>
>>> espero se haya entendido.
>>>
>>> gracias.
>>>
>>> alejo.
>>
>>
#9
05-09-2008, 07:59:26
El niño santo de Emaus Mensajes: n/a
Re: tunel entre empresas - no llego a webserver
Por cierto, veo que ya conseguiste establecer el túnel. ¿Cuál era el truco?
¿Tenía que ver con el NAT-T como sospechábamos?
// Raúl
--
Check my blog at http://edgesecurity.blogspot.com
---------------------------------------------------------------------------------
"Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
news:Osxr6AuDJHA.4104***TK2MSFTNGP05.phx.gbl...
> si, de un lado isa 2004 sp3/win2003sp2 y del otro Cisco ASA
>
> gracias
>
>
> "El niño santo de Emaus" <rmoros***kabel.es> wrote in message
> news:#N3SWGrDJHA.504***TK2MSFTNGP02.phx.gbl...
>> Hola Alejo. ¿El túnel es de tipo IPSec?
>>
>> Saludos
>>
>> // Raúl
>>
>> --
>> Check my blog at http://edgesecurity.blogspot.com
>>
>> ---------------------------------------------------------------------------------
>> "Alejo [CAP]" <alko26***nospam.hotmail.com> wrote in message
>> news:ulXaK1qDJHA.3636***TK2MSFTNGP02.phx.gbl...
>>> tenemos que ingresar a unos server web de la otra red conectada por un
>>> tunel. usamos PROXY para navegar y puse exclusiones del rango ip que
>>> tiene la otra red. igualmente sigo sin poder conectarme.
>>>
>>> este mensaje aparece todo el tiempo.
>>>
>>> Log type: Web Proxy (Forward)
>>> Status: 10060 A connection attempt failed because the connected party
>>> did not properly respond after a period of time, or established
>>> connection failed because connected host has failed to respond.
>>>
>>> Closed Connection Server1 9/4/2008 12:38:45 PM
>>> Log type: Firewall service
>>> Status: A connection was gracefully closed in an orderly shutdown
>>> process with a three-way FIN-initiated handshake.
>>> Rule:
>>> Source: Local Host ( 190.2.xxx.yyy:15631)
>>> Destination: VPN - RED2--RED1 ( 10.aaa.0.ccc:80)
>>> Protocol: HTTP
>>>
>>> lo que observo tambien es que intenta salir por la IP publica el
>>> requerimiento y no por tunel VPN
>>>
>>> espero se haya entendido.
>>>
>>> gracias.
>>>
>>> alejo.
>>
>>
#10
08-09-2008, 01:46:33
Alejo [CAP] Mensajes: n/a
Re: tunel entre empresas - no llego a webserver
no comprendo lo del filtro.
gracias.
alejo
Página 1 de
12>
2
Mode Lineal
Cambiar a Modo
Hibrido
Cambiar a Modo Hilado
Temas Similares
Respuest Último
Tema Autor Foro
as mensaje
05-08-
tunel entre cisco Alejo Newsgroup
3 2008
asa5510 con isa 2004 [CAP] microsoft.public.es.isaserver
09:15:41
LinkBack URL
About LinkBacks
Bookmark & Share
Bookmark in Technorati
Cierre
Sign in
España (Español)
Australia (English)Brasil (Português)Česká republika (Čeština)Danmark (Dansk)Deutschland (Deutsch)France
(Français)Indonesia (Bahasa)Italia (Italiano)Magyarország (Magyar)România (Română)Singapore (English)Türkiye
(Türkçe)United States (English)Россия (Русский) )ישראל )עברית(المملكة العربية السعودية )العربيةไทย (ไทย) 대한민국 (한
국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語)香港特別行政區 (中文)
Resources for IT Professionals
InicioBibliotecaAprendizajeDescargaSoporteComunidadForos
Recursos para Profesionales de TI > Página principal de foros > Foros de Seguridad > Protección y
acceso (Edge Security / ISA Server) > LAN no accede a servidor WEB interno
Formular una pregunta
Principio del formulario
Buscar en el f
Búsqueda de foros:
• Buscar en el foro de Protección y acceso (Edge Security / ISA Server)
• Buscar en todos los foros de Seguridad
• Buscar en todos los foros de Microsoft TechNet
Forum forefrontedgees Forum forefrontedgees
Final del formulario
Mi LAN no puede acceder a un servidor web interno, este servidor esta bajo un Active Directory, este
es el escesario:
Isa 2006 bajo un Active Directory, dominio bajo WinServer 2003 configurados los DNS de ISP como
reenviadores, Servidor WEB en red interna bajo Active Directory.
El detalle esque si este Servidor WEB lo saco del dominio la red interna si accede a la pagina web de
este servidor.
○ Responder
○ Citar
Respuestas
Saludos,
Jimcesse
○ Citar
Todas las respuestas
Hola Omar,
El problema parece de DNS, ¿Has probado que la resolución en los clientes es correcta?
Un saludo
GregoJ
"Saber que se sabe lo que se sabe y que no se sabe lo que no se sabe; he aquí el verdadero saber."
Confucio
○ Responder
○ Citar
Gracias pro contestar GregoJ, el problema se genera cuando el servidow WEB interno lo agrego al
Dominio ya que si lo dejo en un grupo de trabajo no tengo ningun problema,
En cuanto la resolucion de nombres DNS, te comento que en el servidor ISA cuento con una regla
que permite HTTP, HTTPS y DNS de la red interna a red interna y al servidor WEB interno.
○ Responder
○ Citar
• miércoles, 05 de mayo de 2010 23:05 Jimcesse
Jimcesse
○ Responder
○ Citar
Ingreso con IP
PD. La regla en isaserver 2006 la he publicado para que la red interna acceda ya se por IP o por
nombre de servidor WEB
○ Responder
○ Citar
Un saludo
GregoJ
"Saber que se sabe lo que se sabe y que no se sabe lo que no se sabe; he aquí el verdadero saber."
Confucio
○ Responder
○ Citar
○ Responder
○ Citar
Si agregas el servidor al domino y tratas de accesar al WEB localmente (osea desde el localhost) la
puedes ver ???
Por otro lado antes del ISA tienes algun otro Firewall (aunque sea el de Windows o anti-virus) ???
Que sistema operativo tiene el servidor donde tienes el WEB instalado ???
Saludos,
Jimcesse
○ Responder
○ Citar
○ Citar
Saludos,
Jimcesse
○ Citar
Temas relacionados
Estadísticas
• Comenzado: 27/04/2010
• Última respuesta: 07/05/2010
• Votos útiles: 0
• Respuestas: 9
• Visualizaciones: 467