jkelley53

asked on

ISA Server 2000 with Blackboard Application

I am trying to figure out how to do the following with ISA Server 2000.  I have an application that requires that I open up all ports between the external server and my internal server.  Their (the software vendor's) instructions on how to do this are below.  I have one ISA server with two NICs, one internal, one external.  The server inside the firewall that I need to allow access to has about 8 different IP addresses, and the external NIC of the ISA server has about 12 IP addresses on it.  Their description of how the communication takes place is found in the paragraph below.  I am in over my head on this one.

Firewall software and hardware rules and interfaces for manipulating those rules vary widely, but customers in these kinds of topologies have had success with configurations that allow packets from any port on cartridges.blackboard.com to arrive at any port on their local server only if the local server initiated the connection. The local server will typically grab the first available port greater than 1024 to make the outbound connection, and wait on that port for a response. The validation server doesn't initiate any new connections from its side; it just responds to the initial request on the same established channel since the CCAP connection is bi-directional (the inbound packets will be seen to come from the validation server's port 80, regardless of which port the validation server actually uses to send the packets).
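The vendor paragraph above describes a reply-only (stateful) rule rather than a need to open every inbound port. The following is an added example, not part of the original post or the vendor's instructions, that models that rule. LOCAL_SERVER, the 203.0.113.9 address, the class and function names, and the restriction of outbound traffic to destination port 80 (inferred from the statement that replies come from port 80) are assumptions.

```python
from dataclasses import dataclass, field

VALIDATION_HOST = "cartridges.blackboard.com"  # host named in the vendor text
LOCAL_SERVER = "10.0.0.20"                     # constructed internal address

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class ReplyOnlyFilter:
    """Admit inbound packets only on connections the local server opened."""
    local: str
    remote: str
    states: set = field(default_factory=set)

    def outbound(self, p: Packet) -> bool:
        # Only the local server may open a connection, and only to the
        # validation host on port 80 (assumption, see lead-in).
        if (p.src, p.dst, p.dport) != (self.local, self.remote, 80):
            return False
        self.states.add((p.src, p.sport, p.dst, p.dport))
        return True

    def inbound(self, p: Packet) -> bool:
        # A reply must mirror a recorded outbound 4-tuple exactly.
        return (p.dst, p.dport, p.src, p.sport) in self.states

    def close(self, p: Packet) -> None:
        # Forget the state when the local server ends the connection.
        self.states.discard((p.src, p.sport, p.dst, p.dport))

def demo() -> list:
    """Run constructed packets through the filter and return each verdict."""
    fw = ReplyOnlyFilter(LOCAL_SERVER, VALIDATION_HOST)
    request = Packet(LOCAL_SERVER, 1025, VALIDATION_HOST, 80)
    verdicts = [
        fw.outbound(request),                                    # request leaves
        fw.inbound(Packet(VALIDATION_HOST, 80, LOCAL_SERVER, 1025)),  # its reply
        fw.inbound(Packet(VALIDATION_HOST, 80, LOCAL_SERVER, 1026)),  # wrong port
        fw.inbound(Packet("203.0.113.9", 80, LOCAL_SERVER, 1025)),    # wrong host
    ]
    fw.close(request)
    # After close, even the previously valid reply tuple is dropped.
    verdicts.append(fw.inbound(Packet(VALIDATION_HOST, 80, LOCAL_SERVER, 1025)))
    return verdicts

if __name__ == "__main__":
    print(demo())
```

Only the second packet, the reply that mirrors the recorded outbound connection, is admitted; nothing unsolicited reaches the internal server.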

ASKER CERTIFIED SOLUTION
timSA

jkelley53

ASKER

Thanks.  I just talked with Microsoft and they suggested I install the Firewall client.  The Blackboard server (the one doing the outbound connection from my network) was a SecureNAT client until we tried the Firewall client.  The Firewall client, combined with adding a specific destination set with the cartridges.blackboard.com server in it, seemed to do the trick.  Everything is working now.


You get the points since you were the first one to post some info for me.  Thanks.

Thanks for the point.  I am surprised MS suggested that you use the Firewall client.  All servers should be SecureNAT clients.  But your situation may be an exception.