RE: ISA access rules, help

---

• From: v-bpeng@xxxxxxxxxxxxxxxxxxxx ("Bill Peng [MSFT]")
• Date: Fri, 15 Jul 2005 06:58:47 GMT

---

Hi Gary,

Thank you for posting here.

First of all, please let me know whether you're using ISA 2000 or ISA 2004
(SBS SP0 or SBS SP1).

Generally, if you're going to access an internal client computer's IIS
page, the ISA server will not be used as a proxy server. Please make sure:

1. You've typed http://servername/videoinsight as the http address.
2. The following configuration has been made:

a) Open Internet Options.
b) Click Connections tab and click LAN Settings.
c) Make sure that the "Use a proxy server for your LAN" has been checked
and the SBS server's name and port 8080 are in the boxes.
d) Make sure the "Bypass proxy server for local addresses" has been checked.

To publish the services to the internet, I recommend you to create multiple
server publishing rules to achieve the goal (I assume that you're using ISA
2000 since you didn't mention SP1). Since SBS already used port 80, I
recommend you to use port 8888 for the second server. You can follow the
steps below to publish the servers with port 8888, 4000, 1433, and 11111.
(I will use 8888 as an example)

1. Create a Protocol Definition for the new port in ISA. To do so:

a. Open ISA Management, navigate under the servername to Policy
Elements\Protocol Definitions.
b. Right-click and then click New, click Definition.
c. Type this for the name: Internal Website 8888 Inbound, click Next.

Port number: 8888
Protocol type: TCP
Direction: Inbound

d. Click Next.
e. No secondary connections needed, so click Next.
f. Click Finish.

2. Create a Server publishing rule for that client. To do so:

a. In ISA Management, navigate under the servername to Publishing, Server
Publishing Rules.
b. Right click Server Publishing Rules, click New, click Rule.
c. Type the name "Internal Website 8888" (no quotes) and click Next.
d. Enter the IP address of the internal server in the space labeled "IP
address of the internal server", and enter the external IP of the server in
the box "External IP address on ISA Server". Then click Next.
e. Select the Protocol Definition created in above steps from the drop down
list presented, click Next.
f. Click Next to select Any Request.

3. Create other server publishing rules to publish other ports (4000, 1433,
and 11111).

I hope the above info helps.

If there's any update, please don't hesitate to let me know.

Regards,

Bill Peng
MCSE 2000, MCDBA, CCNP, CCDA
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
=====================================================
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive notification. When responding to
posts via your newsreader, please "Reply to Group" so that others may learn
and benefit from your issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

The SBS public newsgroup only focuses on SBS related technical issues, for
other Microsoft products, we recommend you to post to appropriate newsgroup
to get most qualified responses.
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "Gary V." <salarmy@xxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>Subject: ISA access rules, help
>Date: 14 Jul 2005 09:36:40 -0700
>Organization: http://groups.google.com
>Lines: 25
>Message-ID: <1121359000.666970.144200@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>NNTP-Posting-Host: 208.53.87.254
>Mime-Version: 1.0
>Content-Type: text/plain; charset="iso-8859-1"
>X-Trace: posting.google.com 1121359006 990 127.0.0.1 (14 Jul 2005 16:36:46
GMT)
>X-Complaints-To: groups-abuse@xxxxxxxxxx
>NNTP-Posting-Date: Thu, 14 Jul 2005 16:36:46 +0000 (UTC)
>User-Agent: G2/0.2
>Complaints-To: groups-abuse@xxxxxxxxxx
>Injection-Info: f14g2000cwb.googlegroups.com; posting-host=208.53.87.254;
> posting-account=FbCvfA0AAACjuAQLB1cdUV3g5WbrHvTY
>Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
ne.de!news.glorb.com!newsread.com!news-xfer.newsread.com!postnews.google.com
!f14g2000cwb.googlegroups.com!not-for-mail
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:135796
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>I'm installing a digital video surveillance system in our warehouse.
>The program runs on its own computer inside the sbs 2003 prem network.
>All the recording works great. My questions...
>The program publishes on its own computer a web page (default port 80,
>but I can change the port to anything I want) so any computer with a
>browser can view all the live video feeds. I can get
>http://localhost/videoinsight to work on the actual video computer but
>when I try http://192.168.16.32/videoinsight I get my sbs server
>firewall error message network access message: page cannot be
>displayed. The video software says it needs ports 4000 (network
>clients) 1433 (sql authentication) 11111 (video insight control
>channel) For web clients 80 and Email 25.
>
>So how do I open these ports in isa? Do I just make an access rule? For
>testing before I change port 80 can I open port 80 for internal only or
>is this not possible? And what port number should I change it to later?
>
>My second question, how would I publish the video web page on whatever
>port I chose on a client computer on the sbs 2003 prem network? I guess
>I would have to port forward to the video computer but I need some help
>with that or a paper walk through.
>
>Thanks for any help you all can offer
>Gary V.
>
>

.

---

• Follow-Ups:
  • RE: ISA access rules, help
    • From: Bill Peng [MSFT]

• References:
  • ISA access rules, help
    • From: Gary V.

• Prev by Date: Re: Remote site performance issues
• Next by Date: RE: Accessing two domains over LAN
• Previous by thread: ISA access rules, help
• Next by thread: RE: ISA access rules, help
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: RWW Timing ... If you have installed ISA, ... Expand the server node and highlight ''Monitoring''. ... In the following website you can find many useful resources related to SBS ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) RE: Port Forwarding With 2 NIC Configuration ... Can SBS do 1-to-1 Natting? ... > and incoming/outgoing port, ... > automatically redirected from the SBS server to port 81 of the internal ... > Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: DHCP Issues. Very strange ... default order of rule in ISA 2004. ... Windows SharePoint Services intranet site, ... server certificate on Web server name column and then click Next. ... This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs) Re: SBS VPN setup? ... The 2-nic configuration is used when the SBS server will *also* act as your network's firewall. ... You purchase 2k3 PREMIUM and that comes with ISA to handle the firewall duties. ... To compare apples to apples, let us assume there is a network setup as I outlined above...and the firewall appliance is an ISA server, such as those available from Celestix. ... (microsoft.public.windows.server.sbs) RE: Port Forwarding not working ... internal Windows XP from your SBS server with 2 NICs? ... ISA installed on SBS? ... port forwarding. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)