Solved

Open Port from the internet to inside my organization isa2006

Posted on 2010-08-17
Last Modified: 2012-05-10
Hi,

I need to open like 10 ports from the internet to inside my organization.
This is what I did:

firewall policy
new access rules
new protocol
let's say port 3550 (TCP and UDP receive send)
from External / anywhere
to internal
all users

The bug is this:
when I test on this site
http://www.yougetsignal.com/tools/open-ports/

my port is closed????

I do know why
Question by:Victor Charpentier
2 Comments
 

Accepted Solution

by: Bruno PACI earned 500 total points
ID: 33458763
Hi,

First of all, ISA makes a difference between the internal network (that you define by associating IP ranges to network objects in ISA) and the external network, which is everything else...

For incoming traffic, meaning IP requests that come from the external network, you need to make "publishing rules", not "access rules". Access rules only apply to outgoing traffic, meaning IP requests coming from one of the explicitly defined networks.

Also, if your internal network uses a private IP range (like 10.x.x.x, 172.16.x.x to 172.31.x.x, or 192.168.x.x) then your ISA server is NATing outgoing traffic. In this situation you cannot create rules to allow incoming traffic to reach any IP address in the internal network. The only thing you can do is create a publishing rule to reach ONE internal IP address for ONE TCP port.

If you want some people on the Internet to reach your whole internal network using some ports, you need to configure a VPN...


Have a good day.

Expert Comment

by:Keith Alabaster
ID: 33459036
I use access lists from external to internal or the perimeter quite a lot, but this is always when I use route relationships from the source network to the target network.

If you are NATing from internal to external then the non-web-server publishing rules are your best option.