Microsoft KB Archive/837575

= Firewall clients cannot connect to external locations by using a Winsock program through an upstream computer that is running ISA Server 2004 =

Article ID: 837575

Article Last Modified on 7/16/2004

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition

-





For a Microsoft Internet Security and Acceleration Server 2000 version of this article, see 275234.



SYMPTOMS
Computers that are running the Microsoft Firewall Client program can access external Web sites by using a Web browser program. However, they cannot connect to external locations by using other Winsock programs.



CAUSE
This issue may occur if all the following conditions are true:
 * The client computers access the Internet through chained Microsoft Internet Security and Acceleration (ISA) Server computers.
 * All Internet access for the client computers is provided by the upstream ISA Server computer.
 * No direct connection exists between the client computers and the upstream ISA Server computer that provides Internet access.

This issue occurs if only the routing rules have been configured between the ISA Server computers. You must configure firewall service chaining (Winsock proxy chaining) and specify the upstream server.



RESOLUTION
To resolve this issue, configure firewall service chaining (Winsock proxy chaining) between the ISA Server computers. To do this, follow these steps:
 * 1) Start the ISA Server Management tool, and then connect to the downstream ISA Server computer if you are not already connected to it.
 * 2) Expand  , where   is the name of your ISA Server computer.
 * 3) Expand Configuration, and then click General.
 * 4) On the General tab, click Configure Firewall Chaining.
 * 5) Configure the firewall chaining information, and then click OK.

Note For additional information about each of the items in the Firewall Chaining dialog box, search on &quot;Configure firewall chaining&quot; in ISA Server 2004 Help.
 * 1) Click Apply to save your changes and to update the firewall policy, and then click OK.



MORE INFORMATION
The firewall chaining functionality configures the ISA Server computer to behave as a firewall client to the upstream ISA Server computer. In ISA Server, routing rules and all the configuration settings apply only to Web browser proxy requests. You must also configure firewall service chaining and specify the upstream ISA Server computer.

Additional query words: mspclnt

Keywords: kbfirewall kbenv kbprb KB837575

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.