Re: Should I just dump ISA and buy a PIX ??

From: Chris & Val (vb_at_nospam.dial.pipex.com)
Date: 03/30/04


Date: Tue, 30 Mar 2004 17:32:13 GMT

Well Jim, I finally got it cracked. I have always known how to restrict the port range in DCOM, which I did (I used ports 5000-5025), and opened up TCP ports 5000-5025 on my access rules accordingly. The thing I was missing to get it all to work was to uncheck the option "Enforce Strict RPC Compliance". This was mentioned in the Beta 2 release notes.

Thanks for all your help.
Chris

"Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message
news:uPOcaUnFEHA.3856@TK2MSFTNGP12.phx.gbl...
> DCOM is nasty because unless you limit it to specific ports, it uses dynamic ones.
> You basically have two choices here:
> 1. lock down DCOM between the two hosts using it across the ISA and set your policies accordingly
> http://www.microsoft.com/com/wpaper/dcomfw.asp#tcp
> 2. create a wide-open path between them (and only them) across the ISA.
>
> HTH,
> --
> Jim Harrison [ISASE]
> Read the help, books and articles!
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Chris & Val" <vb@nospam.dial.pipex.com> wrote in message
> news:96b1a7f3abcabc2fd35353e87bc1bffc@news.teranews.com...
> Jim,
>
> Thanks for your help. I installed ISA-2004 Beta 2 and it seems to do what I
> want it to do. I was able to enable/disable FTP and PING using the firewall
> policies.
>
> However, when I tried getting my application that uses DCOM to work, it
> refused to work. I removed all the rules except the default last rule and
> created my own rule (All Protocols to all networks) and the application
> would not work.
>
> My server and client are on two different subnets and the ISA box has
> Routing & Remote Access configured to act as a LAN router. I added 2 rules
> to route (non-NAT) between the networks but no success. Should I disable
> Routing & Remote Access and rely on just ISA routing instead?
>
> I may install Ethereal tomorrow and see what packets are being dropped;
> this should help me better, I think.
>
> Regards & Thanks
>
> Chris
>
> "Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message
> news:eNgq7JPFEHA.1240@TK2MSFTNGP10.phx.gbl...
> > Unfortunately, it seems you've misunderstood the docs and the terminology.
> > "Publishing" refers to making internal servers available to other (non-LAT
> > in ISA2000) networks; it doesn't "announce" anything.
> > Packet Filters and Protocol Definitions are completely unrelated in ISA 2000.
> >
> > --
> > Jim Harrison [ISASE]
> > Read the help, books and articles!
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> >
>
>
>
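The fix Chris describes above is Jim's option 1: pin the DCOM/RPC dynamic endpoint range on the DCOM server so the firewall only has to pass TCP 135 (the endpoint mapper, which DCOM always needs) plus a small fixed range, and then open exactly that range in the ISA access rule (with "Enforce Strict RPC Compliance" unchecked, per the Beta 2 release notes Chris cites). The script below is an added example, not code from the thread, from Microsoft or from ISA Server; it writes the documented HKLM\SOFTWARE\Microsoft\Rpc\Internet values that the dcomfw.asp paper Jim links describes, using Chris's 5000-5025 range as the default. The function names, the parameter names and the listener check are assumptions of this example. It must run elevated on the DCOM server, and the RPC runtime only picks up the new range after a reboot.

```powershell
# Added example: restrict DCOM/RPC dynamic endpoints to a fixed TCP range
# on the DCOM server (the HKLM\SOFTWARE\Microsoft\Rpc\Internet settings
# from Microsoft's DCOM/firewall paper). Not from the original thread.
# Function and parameter names are this example's own assumptions.
param(
    [int]$FirstPort = 5000,   # Chris's range from the thread
    [int]$LastPort  = 5025
)

$RpcInternetKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

function Set-DcomPortRange {
    param([int]$First, [int]$Last)

    if ($First -lt 1024 -or $Last -gt 65535 -or $First -gt $Last) {
        throw "Port range $First-$Last is not valid."
    }
    if (-not (Test-Path $RpcInternetKey)) {
        New-Item -Path $RpcInternetKey -Force | Out-Null
    }
    # Ports: REG_MULTI_SZ; each entry is a single port or an inclusive range
    # such as "5000-5025". Too small a range exhausts endpoints once the
    # server registers more RPC interfaces than there are ports.
    New-ItemProperty -Path $RpcInternetKey -Name 'Ports' `
        -PropertyType MultiString -Value @("$First-$Last") -Force | Out-Null
    # 'Y' means the Ports list is the set of ports DCOM may use,
    # not a list of ports to exclude.
    New-ItemProperty -Path $RpcInternetKey -Name 'PortsInternetAvailable' `
        -PropertyType String -Value 'Y' -Force | Out-Null
    # 'Y' tells the RPC runtime to allocate dynamic endpoints only from that set.
    New-ItemProperty -Path $RpcInternetKey -Name 'UseInternetPorts' `
        -PropertyType String -Value 'Y' -Force | Out-Null
}

function Get-DcomPortRange {
    # Read back what is configured, so the firewall rule can be matched to it.
    if (-not (Test-Path $RpcInternetKey)) { return $null }
    Get-ItemProperty -Path $RpcInternetKey |
        Select-Object Ports, PortsInternetAvailable, UseInternetPorts
}

function Get-PinnedRangeListeners {
    # After the reboot: show the TCP listeners inside the pinned range. These
    # are the endpoints the RPC runtime actually handed out; if the count
    # approaches the size of the range, enlarge it. Get-NetTCPConnection
    # exists on Windows 8 / Server 2012 and later; on the 2003-era hosts in
    # the thread use "netstat -ano" and read the LISTENING lines instead.
    param([int]$First, [int]$Last)
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalPort -ge $First -and $_.LocalPort -le $Last } |
        Select-Object LocalAddress, LocalPort, OwningProcess |
        Sort-Object LocalPort
}

Set-DcomPortRange -First $FirstPort -Last $LastPort
Get-DcomPortRange
Write-Host "Reboot, then run: Get-PinnedRangeListeners -First $FirstPort -Last $LastPort"
Write-Host "Firewall rule between the two hosts: allow TCP 135 plus TCP $FirstPort-$LastPort."
```

The firewall side of this stays the same whatever product sits between the hosts: the client first talks to TCP 135 on the server, is told which port in the pinned range the object's endpoint lives on, and then connects there, so both 135 and the range must be permitted in the server direction. Widening the rule beyond that (Jim's option 2) works but exposes every dynamic RPC endpoint on the server to the client network, which is the situation the "Relevant" 135 advisories of that era warn about.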


