Re: Adding Rules for Blackberry ES to ISA 2000 - SOLVED
- From: ericjmail@xxxxxxxxx
- Date: 3 Jan 2006 12:11:32 -0800
Thanks to Steve for the reply; unfortunately, that was not a solution.
After much hair pulling, I finally detected that the BlackBerry process
was not performing as advertised in the manual, or as the three tech
support reps said. That is, that the bbes required only port 3101,
outbound, initiated, pure NAT to work.
I found that their connection actually initiated a connection on port
3101 to their server, and then their server "asked" for a connection on
another (random, ranged) port in the 34000 range.
So I modified my rules from what RIM doc & support emphatically states:
allow TCP 3101, any LAN machine to any outside host :: allow host to reply on 3101
TO a "cascaded dynamic" port rule:
allow TCP 3101, any LAN machine to any outside host :: allow host to reply on 3101
AND ONCE CONNECTED,
allow dynamic outbound AND
allow dynamic inbound
With this rule in place everything works fine.
I called RIM support and after much discussion the 1st level rep put me
on hold for about 10 minutes and then came back and stated that the
escalation team confirms that this is actually true. It would be nice
if their documentation was technically correct, and even nicer if their
support reps had accurate information, or at least would check as I
requested on my first 3 calls to them.
Note that in order to get outbound BES to work on an ISA server (when
running on the ISA server itself) you must configure a packet filter
rule the same as the protocol rule.