[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 151
  • Last Modified:

Problems with ISA Server 2000, Ping, and remote backups

Hey All:

I'm hoping someone can help me with my problems.  I have aremote backup solution and for some reason I am unable to connect to their servers.  I am running SBS 2000 and I have several Servers I need to remote backup (Vaulting).  I am running the Firewall client on all of my servers and they all can access the site except my SBS server, which I am trying to vault my exchange database.  It also seems as though I can no longer ping anything so I think my firewall rules are somehow screwed up.

First off:  How do enable pinging from my network.  I know it's not DNS as I am getting the ip back, but the request times out.

When I try to telnet to the port, I do not get anything back, but only on this server (the SBS server).  Is there anything I need to do to allow communications with this port?  I already created a rule and enabled it, but I'l still having problems.

Any help would be greatly appreciated.

Thanks,

jocasio
0
Juan Ocasio
Asked:
Juan Ocasio
  • 4
  • 2
  • 2
1 Solution
 
ansh_guptaCommented:
TO allow sbs server to communicate to the remote backup servers, you need to create packet filters for the selected ports the backup solution uses. From the sbs box if you need to enable anytype of communication, you need to create a packet filter for that coz firewall cleint should not be installed on the sbs box, and web proxy is for web traffic so we have packet filters to open outbound and inbound port on the sbs box. You may need to open certain outbound ports whatever been used by the backup. Once you know the port nos, create packet filters accordingly. ANd warning, firewall client should not be installed on the sbs box. FOr pinging the sbs box frm outside, we again have packet filters for ICMP. enable those and you will be able to ping the sbs box from outside. Let me know if you have any other queries..
0
 
Juan OcasioAuthor Commented:
Thanks for the reply.  I tried this, but I'm still not able to get through.  I created packet filters for both ports, both ways (although the remote port is different) accepting replies from any remote machine using and port.  I've viewed my log file and it's showing BLOCKED in the filter-rule section.  

Do you have any other ideas as to what could be causing this or step-by-step instructions as I may not be setting it up correctly (although I think I am...)

jocasio
0
 
Kumar_Jayant123Commented:
Hi,
 
Before i go on and recomend someting i want to  have an idea of some things.

1. The ISA Server is installed on which mode? (Firewall, Web Proxy or Integrated).
2. The Backup Server is on your Internal Network OR in the External Network.
3. Ping is not working Internaly Or Externaly.

To Enable Ping Externaly R-Click on the Packet Filter and check the Enable IP Routing.

Check you LAT Table and Make sure that it is showing the correct Entries.

Thanks.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
ansh_guptaCommented:
Do you have multiple ips assigned on your servers network interface??
0
 
Juan OcasioAuthor Commented:
Kumar_Jayant123:

To answer your questions:
1. Integrated
2. The backup server is a remote server provided by my ISP so I can vault my data.
3. Ping is now working.  Forgot to mention this in my last post as my main concern was the access to the remote site for backup purposes. I mentioned the Ping because I thought that may be related to my issue, but it wasn't

ansh_gupta:

Eahc of my NICs have one IP address assigned to them.

Any other help is greatly appreciated.
0
 
Kumar_Jayant123Commented:
Hi,


I think the best way to do this would be:

Create a Destination set or Computer set and mention the IP of the Remote backup server.
Create a Allow All Packet filter for that IP.
Restart the ISA server services.

One important thing, The SBS Server should go to the Internet as a S-Nat client.

Hope this helps.
Kumar
0
 
Juan OcasioAuthor Commented:
Thanks Kumar_Jayant123:

How do I ensure the SBS Server is going out as a S-Nat Client?

Thanks

jocasio
0
 
Juan OcasioAuthor Commented:
Also, How would I apply a destination set to a packet filter in ISA 2000.  I can't seem locate where this would be applied.

Thanks again
jocasio
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 4
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now