Re: trouble creating policy to access port on internal nic?



Assuming the Netop host is listening on tcp/6502 you should configure the
following policy elements on your ISA server:

1. Custom protocol definition as follows:
Name: Netop
Primary connections: 6502 - TCP - Outbound
Secondary connections: <none>

2. Access rule as follows:
Action: Allow
Protocols: Netop
From: Internal
To: Localhost
Users: All users

Make sure this access rule is on top of the firewall policies list. That's
all.

Regards,
Andrew

"Les Caudle" <very@xxxxxxxxxxxxxxx> wrote in message
news:kb50d2heabf572nmk0dch38c12qitgm50h@xxxxxxxxxx
I have Netop remote control installed on ISA 2004, listening to the internal
ip address on tcp port 6502. I was able to access it from another box on my
local network before I installed ISA 2004.

In the firewall log, I can see that port 6502 is being denied with the
default rule. The with Source Network: internal and Destination Network:
localHost, port 6502, unidentified ip traffic.

I created a firewall policy that allowed ports 6502-6503 for tcp (receive
then send) and UDP 6502-6503 receive/send, with From/Listener: Internal and
To: LocalHost.

However, I get the same Denied - default rule in the firewall log.

Where am I going wrong? This seems like it should be a no brainer. Just
follow the firewall log and create a policy?
--
Thanks in advance, Les Caudle

