Open Port from the internet to inside my organization isa2006

Hi


i need to open like 10 port from internet to inside my organization
this is what i did

firewall policy
new access rules
new protocol
let say port 3550 (tcp and UDP receive send)
from External / anywhere
to internal
all user


the bug is this
when i test on this site
http://www.yougetsignal.com/tools/open-ports/

my port is closed ????

i do know why
LVL 1
Victor CharpentierIt technicianAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bruno PACIIT ConsultantCommented:
Hi,

First of all, ISA makes difference between internal network (that you define by associating IP ranges to network objects in ISA) and the external network that is everything else...

For incoming traffic, meaning IP requests that come from the external network, you need to make "publishing rules", not "access rules". Access rules only apply to outgoing traffic, meaning IP request coming from one of the explicitely defined network.

Also, if your internal network uses private IP range (like 10.x.x.x, 172.16.x.x to 172.31.x.x, or 192.168.x.x) then your ISA server is NATing outgoing traffics. In this situation you can not create rules to allow incoming traffic to reach any IP address in the internal network. What you only can do is create a publishing rule to reach ONE internal IP address for ONE TCP port.

If you want some people on Internet to reach your whole internal network using some ports you need to configure VPN...


Have a good day.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keith AlabasterEnterprise ArchitectCommented:
I use access lists from external to internal or the perimeter quite a lot but this is always when I use route relationships from the source network to the target network.

If you are Natting from internal to external then the non-web-server publishing rules are your best option.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.