ISA Server 2000 with Blackboard Application
Posted on 2004-12-01
I am trying to figure out how do the following with ISA Server 2000. I have an application that requires that I open up all ports between the external server and my internal server. There (the software vendor) instructions on how to do this are below. I have one ISA server with Two NICS, one internal, one external. The Server inside the firewall that I need to allow access to has about 8 different IP Addresses, and the External NIC of the ISA server has about 12 ip addresses on it. There description of how the communictation takes place is found in the paragraph below. I am in over my head on this one.
Firewall software and hardware rules and interfaces for manipulating those rules vary widely, but customers in these kind of topologies have had success with configurations that allow packets from any port on cartridges.blackboard.com to arrive at any port on their local server only if the local server initiated the connection. The local server will typically grab the first available port greater than 1024 to make the outbound connection, and wait on that port for a response. The validation server doesn't initiate any new connections from its side, it just responds to the initial request on the same established channel since the CCAP connection is bi-directional (the inbound packets will be seen to come from the validation server's port 80, regardless of which port the validation server actually uses to send the packets).