Re: Opening IP 50 (ESP)? ISA management 2000 on 2000 server

From: "Mohammed A. Raslan" <m_raslan@xxxxxxxxxxxxxxxxx>
Date: Mon, 2 Oct 2006 15:55:43 +0300

ISA 2000 don't allow you to create rules for IP Protocols other than TCP and
UDP, only them can be created. If you want to support VPN, the ISA Server
itself must be the VPN Server, and it supports both L2TP and PPTP, but the
VPN Server can't be behind ISA Server.

For ICMP, yeah you are right, its done using Packet Filters. but this will
just allow the ICMP traffic from and to the ISA server not from external
hosts to internal ones. If you want to allow internal users to be able to
ping external sites then right click on the Packet Filter node in ISA
Management Console and get its properties then enable IP Packet filtering
and IP Packet Routing. and enable the ICMP packet filter

For the ICMP types and codes check the following link
http://www.iana.org/assignments/icmp-parameters
You will need the echo and echo reply, types 0 and 8, however the defult
ICMP packet filter

Regards,
Mohammed A. Raslan

<peter.zelonis@xxxxxxxxx> wrote in message
news:1159714722.047991.311120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I am new to administering an ISA management 2000 environment. I have
been asked to open UDP and TCP ports. I can see how this is done by
using protocol definitions and rules. But how do I open IP 50 (ESP)?
I only see the option for TCP or UDP. On a side note I've also been
asked to open IP/ICMP type 8 (echo). I do this by creating a IP packet
filter correct? When I am creating the filter do I select custom or
can I use a prefined filter type? I do not see "ICMP echo" as one of
the predefined filters. So do I chose custom select ICMP>[chose
direction]> I am not clear on selecting the 'Type' and 'Code'. Do I
select Type 8? Sorry if these questions are very basic. I have tried
"googling" these issues but was unclear on some points. Please direct
me to any additional documentation that may assist me. Thank you.

References:
- Opening IP 50 (ESP)? ISA management 2000 on 2000 server
  - From: peter . zelonis

Prev by Date: Re: ISA 2004 wspsrv.exe
Next by Date: Re: Outside the Firewall Internet Computer Cannot be Accessed from Internal Network
Previous by thread: Opening IP 50 (ESP)? ISA management 2000 on 2000 server
Next by thread: Re: ISA 2004 wspsrv.exe
Index(es):
- Date
- Thread

Relevant Pages

Spoof attack
... it means that your ISA is working (and congrats ... that IP address by creating a blocking Packet Filter so ... >ISA Server detected a spoof attack from Internet Protocol ...
(microsoft.public.windows.server.sbs)
RE: Packet Filter
... > as i understood Packet filter is used to make a control on the Incomeing ... > Traffic which is comeing to the ISA server from the external users - ... is used to make a control on the outgoing traffic from the ISA ... > the Port for HTTP only and this Port is open dynamic through Policy, ...
(microsoft.public.isa.configuration)
RE: ISA question
... configuration port in ISA? ... In the right pane, click Create Packet Filter. ... In the Apply this packet filter to box, ... >each external interface on the ISA Server computer, ...
(microsoft.public.windows.server.sbs)
IP Packet filter is dropping packets please help
... How do I determine which IP packet filter is causing the issue? ... Event Source: Microsoft ISA Server Control ... information about this event, see ISA Server Help. ...
(microsoft.public.isa)
Re: Help With DNS Through VPN
... the pre-defined DNS lookup filter is used to allow DNS queries FROM ... > the ISA server - not TO. ... For the actual procedure (creating the packet filter) to enable access ...
(microsoft.public.isa)