Re: When do I choose for OUTBOUND or INBOUND in a protocol?
From: Herm (mighty_herm_at_hotmail.com)
Date: 01/25/05
Date: Tue, 25 Jan 2005 23:22:11 +0100
Hi Ori,
Thank you for your great explanations. Should make sense.
You asked if you understand me all right. Well, yes, I think you do.
I will tell ya what I want to get working here.
ISPQ (www.ispq.com) is the videochat application that is running on my
workstation (10.0.0.50).
It listens to the TCP ports 2004,2005,2006...
Like explained earlier, I made the access rule; I am able to browse the
user directory lists, send and receive quick messages! But if someone calls
me it will be blocked!
What do I do wrong? How would you set this up?
Thanks for your help,
Herman F.
"Ori Yosefi [MSFT]" <oriy@online.microsoft.com> wrote in message
news:%23BKn%23VrAFHA.2552@TK2MSFTNGP09.phx.gbl...
> Herm hi,
>
> Regarding INBOUND and OUTBOUND.
>
> The usual meaning of INBOUND is when you have a server in your "internal"
> network (or any other network for that matter), usually being NATed, that
> you want to expose to the world. In that case you would create a
> publishing rule (hence inbound) which would allocate a port on ISA's
> external network interface card, and would direct all received traffic to
> the "published server". Please note that the scenario I have described is
> only one scenario and the published server can be on other networks
> (including the localhost) and the scenario between the client's network
> and the server's network may also be route.
>
> An OUTBOUND traffic is usually meant when you have a client application in
> the "internal" network (again, this is just an example - can be any other
> network) and you want to allow the client application access to the
> outside world (hence OUTBOUND). In this case you would create an access
> rule that would allow a specific traffic outside. In this case ISA does
> not have to allocate a port, it only has to pass the traffic sent from the
> client application to the outside server, as the server is usually not
> NATed.
>
> In your example, if you want to allow access to a specific port on ISA
> itself, adding an access rule from the external network to the local host
> should work. If the rule doesn't work, I suggest that you check the
> logging information and see that the traffic indeed matches the policy
> rule that you have defined. If it does not, you can see in the logging
> which fields are mismatched.
>
> Regarding the Firewall client, I'm not sure that I understand what you are
> trying to do.
>
> Are you trying to "expose" an application running on your workstation to
> the outside world? This should be easily done by creating a protocol that
> defines the ports used by the application and then creating a publishing
> rule that would publish the application on your workstation. This would
> cause the ISA to listen on those ports and forward the traffic to your
> application.
>
> If I have not answered your question, please tell me what I have
> misunderstood and I will try again.
>
> Hope this helps,
>
> Ori.
>
>
> --
> This posting is provided "AS IS" with no warranties, and
> confers no rights.
>
>
> Please do not send email directly to this alias. This alias is for
> newsgroup purposes only.
> Ori Yosefi[MSFT] ISA Server Team
>
> "Herm" <mighty_herm@hotmail.com> wrote in message
> news:%23ZiS5hiAFHA.3376@TK2MSFTNGP12.phx.gbl...
>> Hi,
>>
>> Maybe this should be the first technology to get familiar with, but somehow
>> I lost the edge here...
>> I am a beginner on ISA 2004 and try to figure this box out!
>>
>> I am a little confused with the terms OUTBOUND and INBOUND when I create a
>> protocol. And also using the FW client is not clear to me (strange
>> behaviour)...
>>
>> Example:
>>
>> Running Windows Server 2003 with ISA 2004 on the same box. Now I want to allow
>> an application using port 2004-2006, for example, to accept incoming
>> traffic. Must I set up INBOUND ports or OUTBOUND ports? The Access-Rule
>> for the selected protocols should be from EXTERNAL to LOCAL HOST, isn't it?
>>
>> The second problem I have is how to get my workstation listening to these
>> ports also. Cause the workstation runs the application. I assume installing
>> the FW client is needed here?
>>
>> But somehow it still does not work. The ports are open (tested with Shields
>> Up!). The application on my workstation is assuming the external IP address
>> is bound to the workstation. But still the analyzer detects a firewall! And
>> the ports are denied in the ISA logging. I had it working 2 times now!
>> Meaning at a sudden moment, without even looking at the ISA (no changes), it
>> worked. Restarting the application is enough to make it fail again.
>>
>> I am getting a bit frustrated here cause I hate when I don't see the
>> light!
>>
>> Any suggestions?
>>
>> Kind Regards,
>> Herm