Re: Should I just dump ISA and buy a PIX ??
From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 03/30/04
- Next message: Jim Harrison [MSFT]: "Re: Lots of event 14120 in log"
- Previous message: al: "Re: FrontEnd/BackEnd Vs ISA (reverse proxy)"
- In reply to: Chris & Val: "Re: Should I just dump ISA and buy a PIX ??"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Mar 2004 14:54:24 -0800
Kewlness!
See, ISA (even in Beta) is better than PIX...
:-)
--
Jim Harrison [ISASE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Chris & Val" <vb@nospam.dial.pipex.com> wrote in message news:f78c301a7991315cb564292f5fe72c7d@news.teranews.com...

Well Jim I finally got it cracked. I have always known how to restrict the port range in DCOM which I did (I used Ports 5000-5025) and opened up TCP Ports 5000-5025 on my access rules accordingly. The thing I was missing to get it all to work was to uncheck the option "Enforce Strict RPC Compliance". This was mentioned in the Beta 2 release notes.

Thanks for all your help.

Chris

"Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message news:uPOcaUnFEHA.3856@TK2MSFTNGP12.phx.gbl...
> DCOM is nasty because unless you limit it to specific ports, it uses dynamic ones.
> You basically have two choices here:
> 1 - lock down DCOM between the two hosts using it across the ISA and set your policies accordingly
>     http://www.microsoft.com/com/wpaper/dcomfw.asp#tcp
> 2. create a wide-open path between them (and only them) across the ISA.
>
> HTH,
> --
> Jim Harrison [ISASE]
> Read the help, books and articles!
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Chris & Val" <vb@nospam.dial.pipex.com> wrote in message news:96b1a7f3abcabc2fd35353e87bc1bffc@news.teranews.com...
> Jim,
>
> Thanks for your help. I installed ISA-2004 Beta 2 and it seems to do what I want it to do. I was able to enable/disable FTP and PING using the firewall policies.
>
> However, when I tried getting my application that uses DCOM to work, it refused to work. I removed all the rules except the default last rule and created my own rule (All Protocols to all networks) and the application would not work.
>
> My Server and client are on two different subnets and the ISA box has Routing & Remote Access configured to act as a LAN router. I added 2 rules to route (non-NAT) between the network but no success. Should I disable the Routing & Remote Access and rely on just ISA routing instead?
>
> I may install ethereal tomorrow and see what packets are being dropped, this should help me better I think.
>
> Regards & Thanks
>
> Chris
>
> "Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message news:eNgq7JPFEHA.1240@TK2MSFTNGP10.phx.gbl...
> > Unfortunately, it seems you've misunderstood the docs and the terminology.
> > "Publishing" refers to making internal servers available to other (non-LAT in ISA2000) networks; it doesn't "announce" anything.
> > Packet Filters and Protocol Definitions are completely unrelated in ISA 2000.
> >
> > --
> > Jim Harrison [ISASE]
> > Read the help, books and articles!
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
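A check for the approach settled on in this thread (restrict DCOM to TCP 5000-5025 and open the same ports in the access rules), added here as an example and not code from any poster or from ISA Server: it compares a DCOM port list with firewall allow ranges and reports ports that are needed but blocked and ports that are open but unused. The function names, the rule format and the sample rule set are assumptions; TCP 135 is included because DCOM clients first contact the RPC endpoint mapper on that port.

```python
# Added example: audit firewall allow ranges against a restricted DCOM port list.
# Assumptions: DCOM ports are written as "5000-5025" or single ports (the form
# used for the RPC port restriction), and firewall rules are (low, high) TCP tuples.

RPC_ENDPOINT_MAPPER = 135  # DCOM clients contact the endpoint mapper here first

def parse_ports(entries):
    """Expand entries such as "5000-5025" or "5100" into a set of port numbers."""
    ports = set()
    for entry in entries:
        low, _, high = entry.strip().partition("-")
        low, high = int(low), int(high or low)
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port entry: {entry!r}")
        ports.update(range(low, high + 1))
    return ports

def audit(dcom_entries, firewall_ranges):
    """Return (blocked, excess): ports DCOM needs that no rule allows,
    and ports the rules allow that DCOM will never use."""
    needed = parse_ports(dcom_entries) | {RPC_ENDPOINT_MAPPER}
    allowed = set()
    for low, high in firewall_ranges:
        allowed.update(range(low, high + 1))
    return sorted(needed - allowed), sorted(allowed - needed)

def summarize(ports):
    """Collapse a sorted port list into "a-b" strings for readable output."""
    out, start, prev = [], None, None
    for p in ports:
        if start is not None and p == prev + 1:
            prev = p
            continue
        if start is not None:
            out.append(f"{start}-{prev}" if start != prev else str(start))
        start = prev = p
    if start is not None:
        out.append(f"{start}-{prev}" if start != prev else str(start))
    return out

if __name__ == "__main__":
    # Constructed sample: the thread's DCOM range against a rule set that
    # omits TCP 135 and opens five ports more than DCOM was restricted to.
    blocked, excess = audit(["5000-5025"], [(5000, 5030)])
    print("needed but blocked:", summarize(blocked))
    print("open but unused:   ", summarize(excess))
```

An empty result on both sides means the access rules match the DCOM restriction exactly, which is the narrow alternative to the "All Protocols" rule tried earlier in the thread.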