Adding Rules for Blackberry ES to ISA 2000

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hello

CONFIG INFO:
WINDOWS 2000 sp4
MS ISA 2000 sp1
blackberry ent srv 3.5

I've been trying to install and operate blackberry enterprise server in
my environment but am having difficulty getting their network test
utility to communicate successfully with their servers.

The manual says that I need to open port 3101 for outbound originated
traffic and allow traffic back in on the same port (3101). I've spoken
with their tech support and they have shown me a BBSRSTEST utility that
attempts to communicate with their server on their end
(srs.na.blackberry.net) and fails with error 100065, no route to host.

In ISA server, i created a protocol definition called "BBERRY" using
::: port 3101, tcp, outbound, secondary 3101, tcp, inbound. Then i
created a protocol rule to allow, defined protocol "BBERRY", all the
time, any request.

i open a command line on the isa box and use their tool to test:
i restarted all services and test:fails as above
i restarted entire server and test: fails as above

note that i CAN ping srp.na.blackberry.net
i can tracert out through my routers, my isp, across the internet and
finally timeout at the second router into the blackberry net.

the blackberry rep asked me to try:
"tracert srp.na.blackberry.net 3101"

this resolves to 0.0.12.29 (i don't believe that you can tracert on a
port number, but he said it works so what the heck - can't hurt!)

SOOOOO, back to ISA1

I added two more protocol definitions that speficy simply:
bberyin - 3101, tcp, inbound
bberryout- 3101, tcp, outbound
update the protocol rule to allow those as well and
then back through the restart loop and same result.

I'll be trying a test from elsewhere later on today - is there anyone
out there that can pull the stupid blinds off my eyes and shown me my
error, or am i really the unlucky first victim?

thanks in advance for any help..

e

.

Relevant Pages

  • Re: "Opening ports"
    ... When filtering log on port 5656, ... Create Protocol: ... Understanding the ISA 2004 Access Rule Processing ... Microsoft Internet Security & Acceleration Server: ...
    (microsoft.public.isa)
  • Re: How to Configure ISA 2004 for remote access like vnc, pcanywhere
    ... ISA has several protocols pre-defined, but it isn't uncommon for us to need to define custom protocols to allow certain traffic. ... ISA will route this traffic to a specific IP address, so your target server always needs to have the same IP address. ... Then in ISA we need to create our PCAnywhere Server protocol if it doesn't exist, then create a new Server Publishing Rule to forward PCAnywhere traffic to the target machine. ...
    (microsoft.public.windows.server.sbs)
  • vpn over nat through isa server
    ... ISA 2000 server with SP1 ... Start the ISA Management snap-in. ... Under Policy Elements, locate the Protocol Definitions ...
    (microsoft.public.isa.vpn)
  • Re: RTMP on Isa server
    ... Install the Firewall Client on the PC ... The Filter would have to be joined to the Protocol. ... Understanding the ISA 2004 Access Rule Processing ... Troubleshooting Client Authentication on Access Rules in ISA Server 2004 ...
    (microsoft.public.isa)
  • Re: From Cisco Pix to ISA.
    ... Static NAT which is not the same as 1:1 NAT. ... ISA does not ... Microsoft Internet Security & Acceleration Server: ... Just remember to choose the Protocol "SMTP Server", ...
    (microsoft.public.isa.publishing)