Re: To allow inbound traffic from a specific ip
From: Mohammed A. Raslan (m_raslan_at_link.net.removethis)
Date: 12/27/04
- Previous message: Andrey: "2 Internet providers through single ISA 2004 box"
- In reply to: Shanthi: "Re: To allow inbound traffic from a specific ip"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 28 Dec 2004 02:27:08 +0300
Well this is a problem.
You can try to following, create a new protocol (not a protocol rule) for
that website, specify in the Primary connection in the Protocol field TCP
and in the Direction outbound, the port range, 80 to 80, press next then in
the secondary connections window add a new entry specifying the protcol as
TCP, and the direction as inbound, and the port range that you seen, note
that this not the IP address of the webserver, its the port their
application is trying to access, in your case 59721 was one of the ports, i
don't know if there is any other ports, but watch your logs for any
connection attempts from their servers to your ISA server.
After that create a computer set the contains the IP addresses of the server
you want to access, which are 202.56.245.224 - 202.56.245.239 as you said.
After you finish the creating the protocol and the computer set, create an
Access Rule that allows this protocol you just created from Internal as a
source to the computer set you just created as a destinaiton for all users.
make sure that you specify the computer set as a destination and not
External, otherwise it will be a huge security risk
One very important note, make sure that this rule is in the top if your
rules list before any other rules.
If this didn't work, then i'm afraid that i don't know any other way to do
this.
-- Yours truly, Mohammed A. Raslan Systems Engineer / Consultant MCSE+I NT4, MCSA: Security, MCSE: Security, MCDBA, CCNA Mobile: +20 (12) 36 26 112 / +965 978 1969 E-Mail: m_raslan@link.net.removethis "Shanthi" <Shanthi@discussions.microsoft.com> wrote in message news:8AD3307B-27E4-484E-B9AA-3D48DA14E14F@microsoft.com... > Yes. This port is changing and i found the range of ip address is > "202.56.245.224 - 202.56.245.239" > > Can i give a rule, to allow inbound traffic to my isa server from the above > specified ip range. > > Please help me to fix this . > > "Mohammed A. Raslan" wrote: > > > Does this port change or is it always the same number > > > > -- > > Yours truly, > > Mohammed A. Raslan > > Systems Engineer / Consultant > > MCSE+I NT4, MCSA: Security , MCSE: Security, MCDBA, CCNA > > Mobile: +20 (12) 36 26 112 / +965 978 1969 > > E-Mail: m_raslan@link.net.removethis > > > > > > "Shanthi" <Shanthi@discussions.microsoft.com> wrote in message > > news:B59E8D0F-D5E2-44CC-9238-DEAA8E13E5CF@microsoft.com... > > > I am using ISA 2004 server. I have allowed all outbound traffic to my user > > > name and my system ip. When i ty to login to a specific site (bank > > website), > > > it is logging as > > > Client Ip - 202.56.245.234 > > > Port - 59721 > > > Protocol - Unidentified IP traffic > > > Action - Denied Connection > > > Source Network - External > > > Destination etwork - Local Host > > > > > > I want to receive some data from the same. How to rectify this, and to be > > > allowed traffic from the specified site ip. > > > > > > Thanks in advance, if any one can fix this > > > > > > > > >
- Previous message: Andrey: "2 Internet providers through single ISA 2004 box"
- In reply to: Shanthi: "Re: To allow inbound traffic from a specific ip"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
