Re: Hitting specific port on internal IP from outside our network

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
Date: Thu, 12 Apr 2007 15:48:13 -0500

"Michael Behm" <mbehm@xxxxxxxxxxxx> wrote in message
news:%23IfhQHTfHHA.4872@xxxxxxxxxxxxxxxxxxxxxxx

Thanks for the response. My boss and I have talked about taking out the
D-Link, but he likes the added layer of security it offers.

There is no layer of security there,...only a layer of needless complexity. ISA
is a 100 time more secure than it is and is more capable of protecting the DLink
box instead of the reverse.

It's also been nice to have the extra external ports to hook up a machine
that isn't on our internal network.

I can understand that as a benefit, but you can do something similar with ISA by
running a third Nic as a Tri-Homed DMZ with it's own separate subnet.

Back on the original issue.....
You have to perform the action twice. Once on the DLink (treating ISA as if it
was the "target") and then repeat it again on the ISA.

On the DLink box it is using StaticNAT, although I am sure the DLink box calls
it Port Forwarding or some non-sense like that. On the ISA it is called Server
Publishing.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

.

References:
- Hitting specific port on internal IP from outside our network
  - From: Michael Behm
- Re: Hitting specific port on internal IP from outside our network
  - From: Asher_N
- Re: Hitting specific port on internal IP from outside our network
  - From: Michael Behm

Prev by Date: ISA 2004 with VPN on SBS
Next by Date: Re: Help - ISA 2006 - Disables RRAS After Install and Applying Changes
Previous by thread: Re: Hitting specific port on internal IP from outside our network
Next by thread: Re: ISA 2006 - Possible memory leak when rule applied
Index(es):
- Date
- Thread

Relevant Pages

RE: Front End/Back End communication
... MVP -- ISA Firewalls ... There is no such thing as security perfection. ... single front-end/back-end Exchange Server will find this setup to be ...
(Focus-Microsoft)
RES: ISA firewall
... If we want to judge ISA as a firewall product (or if you want to judge ... Linux) were compromised by a security hole that was identified days ago, ... flaws, so does every single bit of line of code out there. ...
(Security-Basics)
Re: Forest/Domain in the "DMZ" to accomodate web, front-end servers
... Now as for ISA 2004 being a seamless application layer inpspection security ... out of it too, but I have 500 servers, and 3000 desktops to worry about. ...
(microsoft.public.security)
Re: Firewall recommendations?
... behind your ISA server and ... Also if your defence is all on the ... The point is that security is a process not a product. ... At my previous job I had used Microsoft ISA in a low-security ...
(Security-Basics)
RE: [fw-wiz] Microsoft ISA
... Believe it or not ISA is one of the first software packages from ... Depending on your security ... Server off the DMZ interface). ... other Microsoft Documentation. ...
(Firewall-Wizards)