ISA 2000 - Allowing Internal App, through ISA

Asked by mwelf1
Topics: Software Firewalls, Microsoft Forefront ISA Server
Hi all

I have a major problem that I have tried to fix myself but have had no success so please help!

Basically, we have ISA 2000 SP2 FP1 running on a two-NIC setup. I have just replaced our old server hardware and did a clean installation of ISA on the new hardware.

The problem we are having is that we have an internal program that needs to communicate with an external source.  It worked fine previously without the firewall client enabled.  Now we have to have the firewall client enabled but it does not connect to the external source.

They have told me the following:-
In order to get ELS working through your firewall and/or the Network Address Translation (NAT) device, you will need to ensure that the following traffic be allowed through the following ports to the corresponding (IP) addresses:
TCP transport mode:
      Port: 10000 (Outbound)

UDP transport mode (with NAT device):
      Port: 500 & 4500 (Outbound)

UDP transport mode (with no NAT device):
      Port: 500 & 10000 (Outbound)

VPN concentrators (TCP or UDP mode):
      Mel/Ade  (IP):    203.xxx.40.xxx
      Syd/Bri  (IP):    61.88.100.xxx

Telnet (client and Server):
      Port: 7586
Telnet to the CEG servers:
      Melbourne (IP):   203.xxx.43.1
      Adelaide  (IP):   203.xxx.43.2
      Brisbane  (IP):   203.xxx.43.3
      Sydney    (IP):   203.xxx.43.4

It will connect to the first part over TCP port 10000 to the VPN concentrator, but it fails at the second part, where it attempts a telnet connection to the CEG servers. I get no error message, it just doesn't work!

I have tried setting up new rules to allow the traffic through but nothing seems to work. What am I doing wrong???

Any help would be very greatly appreciated.

thanks
Mark
ASKER CERTIFIED SOLUTION
Computer101
