Re: ISA Opening ports on the ISA so traffic can go through

From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 05/03/04


Date: Mon, 3 May 2004 14:41:58 -0700

Usually, enabling IP routing across the ISA server is all
I've found is required.

-Recommend checking RRAS to be sure your ISA setting was
replicated to RRAS. If you're on Win2K, there is only one
RRAS IP Routing configuration... on Win2K3, there are
two... one for remote clients dialing into your Server and
the other for your LAN clients connecting to remote WAN
Hosts. The second one is the setting you need to set.

I had not heard about the SNAT requirement, at the moment
one of my machines in my LAN is configured as a FW client
and is still able to ping across ISA... in fact, when I
ping the FW client icon goes active.

Also, regarding your SSH question... Packet Filters only
enable/disable/block access between the Server and the
Internet. If you want to configure support for your
clients, you need to configure Site & Content/Protocol
Rules, not Packet Filters.

Tony Su

>-----Original Message-----
>If you were to run ISA as your firewall yes ping would be
>considered a security risk but I am not. The isa server
>is running on a machine that is behind our firewall. Even
>so ssh, https (with outgoing ports required to be open)
>and other such programs/things "do not work!". This is my
>main concern. They work fine from the server but as soon
>as I go to the machines that are connected to the
>ISA/sbs2000 server those machines do not work.
>
>Any more suggestions?
>
>>-----Original Message-----
>>Only SecureNAT Clients and "ping" all other types cannot. Allowing "ping"
>>is considered a security risk and so the services of ISA (apart from the
>>SecureNAT Service) do not process ICMP requests at all.
>>
>>
>>--
>>
>>Phillip Windell [MCP, MVP, CCNA]
>>www.wandtv.com
>>
>>
>>"Enyalius" <anonymous@discussions.microsoft.com> wrote in message
>>news:78e101c4312a$74ab5730$a501280a@phx.gbl...
>>> Ok I went to the packet filters and enabled the IP
>>> routing like you said and it still doesn't allow pings or
>>> ssh or anything else. Is there maybe anything else you
>>> can think of that needs to be changed or enabled?
>>>
>>> Thanks
>>>
>>> >-----Original Message-----
>>> >Enable IP routing.
>>> >
>>> >Tony Su
>>> >
>>> >
>>> >
>>> >>-----Original Message-----
>>> >>I am running ISA on SBS2000 and have the ability to ping
>>> >>out for the server, but any computers behind the server
>>> >>cannot ping anything but the server's internal IP. This
>>> >>also goes for SSH and a few secure websites that I try to
>>> >>access, requiring particular ports to be open. I assume
>>> >>that the problem is with what the webproxy allows, I have
>>> >>tried allowing access policies by adding packet filters,
>>> >>but this only seems to affect the server.
>>> >>
>>> >>Can someone please help? I read the responses that
>>> >>Tristan got a few questions down and I would appreciate
>>> >>it if someone that knew how to get this to work was to
>>> >>respond instead of getting the same answers back that I
>>> >>am asking...
>>> >>.
>>> >>
>>> >.
>>> >
>>
>>
>>.
>>
>.
>


