Re: ISA Openning ports on the ISA so traffic can go through

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Enyalius (anonymous_at_discussions.microsoft.com)
Date: 05/03/04 

Date: Mon, 3 May 2004 12:15:35 -0700

If you were to run ISA as your firewall yes ping would be
considered a security risk but I am not. The isa server
is running on a machine that is behind our firewall. Even
so ssh, https (with outgoing ports required to be open)
and other such programs/things "do not work!". This is my
main concern. They work fine from the server but as soon
as I go to the machines that are connected to the
ISA/sbs2000 server those machines do not work.

Any more suggestions?

>-----Original Message-----
>Only SecureNAT Clients and "ping" all other types
cannot. Allowing "ping"
>is considered a security risk and so the services of ISA
(apart from the
>SecureNAT Service) do not process ICMP requests at all.
>
>
>--
>
>Phillip Windell [MCP, MVP, CCNA]
>www.wandtv.com
>
>
>"Enyalius" <anonymous@discussions.microsoft.com> wrote
in message
>news:78e101c4312a$74ab5730$a501280a@phx.gbl...
>> Ok I went to the packet filters and enabled the IP
>> routing like you said and it still doesnt allow pings
or
>> ssh or anything else. Is there maybe anything else you
>> can think of that needs to be changed or enabled?
>>
>> Thanks
>>
>> >-----Original Message-----
>> >Enable IP routing.
>> >
>> >Tony Su
>> >
>> >
>> >
>> >>-----Original Message-----
>> >>I am running ISA on SBS2000 and have the ablility to
>> ping
>> >>out for the server, but any computers behind the
server
>> >>cannot ping anything but the servers internal IP.
This
>> >>also goes for SSH and a few secure websites that I
try
>> to
>> >>access, requiring particular ports to be open. I
assume
>> >>that the problem is with what the webproxy allows, I
>> have
>> >>tried allowing access policies by adding packet
>> filters,
>> >>but this only seems to affect the server.
>> >>
>> >>Can someone please help? I read the responses that
>> >>Tristan got a few questions down and I would
appreciate
>> >>it if someone that knew how to get this to work was
to
>> >>respond instead of getting the same answers back
that I
>> >>am asking...
>> >>.
>> >>
>> >.
>> >
>
>
>.
>

Relevant Pages

  • Re: HTTP trouble in 2004
    ... > understand is why can't I ping the public address of the DC. ... >> separating the DC role from the ISA Server role. ... >>>I appear to be an ISA dummy and have a small problem. ... My nics are setup with teh DC being the DNS server and my IE ...
    (microsoft.public.isaserver)
  • RE: VPN Connects, but no Internal IP or network resources.
    ... versions of ISA yet seem to be having the same trouble. ... I just noticed in this post though, that you can't even ping the other ... an access issue rather than connectivity. ... My ISA server is going to be down until I rebuild it, so I can't even do any ...
    (microsoft.public.isa.vpn)
  • Re: Valid scenario for ISA 2004 Site to Site Deployment?
    ... Right - I understand your point regarding ping. ... rule setup so the corpnet can talk to the hosted server w/o any problems. ... So - back to the original question, would this be a valid scenario for ISA ...
    (microsoft.public.isa.configuration)
  • Re: Unable to PING a single host from ISA 2006 Server
    ... ping works. ... Q1 - have you done due diligence regarding the NIC drivers on the ISA? ... I would agree if my captures showed traffic leaving my ISA server and ... When I PING other host on same VLAN as ISA and F5, ...
    (microsoft.public.isa)
  • Re: Unable to PING a single host from ISA 2006 Server
    ... request and Ping reply come in and out of the internal interface that is on ... Q1 - have you done due diligence regarding the NIC drivers on the ISA? ... I would agree if my captures showed traffic leaving my ISA server and ... When I PING other host on same VLAN as ISA and F5, ...
    (microsoft.public.isa)