Solved

ISA Ping??

Posted on 2004-11-17
Last Modified: 2013-11-16

  Hi everyone

  I've recently installed an ISA 2000 Server on a SmallBusiness 2000 Server (Windows 2000 SP4/AC/Exchange/ISA in one server). I have 2 NICs in the server; the "external" NIC is directly connected to an ADSL modem, and has a defined IP.

  The local clients can ping the "internal" interface, but I can't ping the external interface on the server from another computer on the internet, e.g. my own machine at my home. I can port scan the server, but my scanner says it's a dead "ping dead" server, and once in a while it detects port 80, even if I haven't published a web server :-| When the ISA wasn't installed I could easily ping the server, even port scan the server (don't worry, it's experimental, and it's my own server).

  All outgoing traffic is almost blocked. My Exchange POP3 connector can't retrieve mail, and my SMTP connector can send mail. My Real Player can't stream anymore. And my Symantec antivirus and Sybari Antigen can update their virus definitions and scanners.

  What am I doing wrong?
0
Question by:Shaohs
9 Comments
 
LVL 3

Expert Comment

by:_Jochen_
ID: 12603273
Looks like your ISA Server is blocking ICMP traffic on the external interface.
If you want to ping the server from outside you have to allow ICMP traffic. I think the default in ISA Server is blocking ICMP.
Cheers, jochen.
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12603991
If I may note something here:
I think it is a good idea for you to keep the ICMP traffic closed, because keeping it open will enable an attacker to study your network and react in a way which may be harmful.

I also think, as _Jochen_ does, that the ICMP traffic is blocked. And the ISA Server is supposed to do that...

Do you need a walkthrough on how to open the ports?

Cyber
0
 

Author Comment

by:Shaohs
ID: 12612063
If you have one, I would be delighted. :-)
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12612098
hehehe;
Your wish is my command;
http://www.experts-exchange.com/Security/Q_21081134.html

Now, where is that lamp?

Cyber
0
 

Author Comment

by:Shaohs
ID: 12614165
My second wish will be:

  What should I do about Real Player? I've opened 1090 but it still won't stream.

Third wish:

  When you open a UDP port, I get a lot more choices in the traffic direction than TCP. TCP only has Inbound, Outbound and Both. UDP has 5 options. What's the difference between these 5 options, and is it important to any "normal" applications that they should be opened?
0
 
LVL 5

Expert Comment

by:TJworld
ID: 12621100
0
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 1500 total points
ID: 12639237
Block rules take precedence over allow rules... if you do not have an "allow all traffic" "any protocol" on "any interface" rule, then you have no access, at all, to any external destinations (your public IP is external). These rules are created by default on install; be sure you didn't delete them.


0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12639467
I think the subject has been covered (that is unless things are not working properly for you);
Now, where is my lamp?

Cyber
0
 

Author Comment

by:Shaohs
ID: 12639577
I think I got it now. I just had to set the "BackOffice Internet Access Protocol Rule" and the "BackOffice Internet Access Site and Content Rule" source to a client set with all the local IPs in. Now everyone can stream, and everything.

I created a rule in the packet filtering that allowed outgoing TCP 110 POP3 and outgoing TCP 25 SMTP. That did the trick about the mail.
I also added a packet filter that denies incoming port 80. I noticed in a port scan that it was open for no reason. I certainly didn't ask it to open port 80.

Pretty simple, once you get the hang of it.

Thanks for the answers. :)
0
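
The rule precedence described in the accepted solution, applied to the packet filters from the final comment, as an added example that is not part of the original thread. It is a simplified Python model, not ISA Server's actual engine: an explicit deny beats any allow, and traffic with no matching allow is dropped. The `Filter`/`Packet` names and the rule list are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:
    action: str           # "allow" or "deny"
    direction: str        # "in" or "out", seen from the external interface
    proto: str            # "tcp", "udp" or "icmp"
    port: Optional[int]   # None matches any port (and ICMP, which has none)

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    port: Optional[int] = None

def matches(f: Filter, p: Packet) -> bool:
    return (f.direction == p.direction and f.proto == p.proto
            and (f.port is None or f.port == p.port))

def decide(filters, pkt: Packet) -> str:
    """Explicit deny wins over allow; no matching allow means dropped."""
    hits = [f for f in filters if matches(f, pkt)]
    if any(f.action == "deny" for f in hits):
        return "deny (explicit block)"
    if any(f.action == "allow" for f in hits):
        return "allow"
    return "deny (no matching allow)"

# Constructed filter list mirroring the end state described in the thread.
FILTERS = [
    Filter("allow", "out", "tcp", 110),  # POP3 connector
    Filter("allow", "out", "tcp", 25),   # SMTP connector
    Filter("deny", "in", "tcp", 80),     # unexpected open port seen in scan
]

# Constructed probes: the symptoms reported in the question.
PROBES = {
    "inbound ping": Packet("in", "icmp"),
    "outbound POP3": Packet("out", "tcp", 110),
    "outbound SMTP": Packet("out", "tcp", 25),
    "inbound HTTP": Packet("in", "tcp", 80),
}

def audit(filters):
    return {name: decide(filters, pkt) for name, pkt in PROBES.items()}

if __name__ == "__main__":
    for name, verdict in audit(FILTERS).items():
        print(f"{name:14} -> {verdict}")
```

Adding a broad `Filter("allow", "in", "tcp", None)` to the list leaves inbound HTTP denied, because the explicit deny on port 80 still matches.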
