• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 588
  • Last Modified:

isa 2006 how can i remove remote site network from system firewall policy?

I'm having trouble deleting site-to-site VPN.  Both sites have ISA 2006 and somehow at my HQ site remote network ended up in my system firewall rules ( rule 14 and 15).  Since remote network is defined in the rule it doesn't allow deleting site-to-site and consequently deleting remote network.  When I want to remove this network from the system policy rule 'Allow VPN site-to-site traffic to ISA Server' from/listener list it is grayed out.

By the same token system policy rule 15 'allow vpn site-to-site traffic from isa server' has the same network and it cannot be removed either.
  • 3
1 Solution
System Policies are not numbered.
Access Rules, Cache Rules, and Network Rules are numbered.

System Policies and Access Rules are not the same thing.  Which one are you really dealing with?
dchorobskiAuthor Commented:
"Allow VPN site-to-site traffic to ISA Server" and "Allow VPN site-to-site traffic from ISA Server". They can be seen once you select 'Show System Policy Rules'
Ok, yes, I see now,..yes those are numbered.

Everything has to be deleted in the right order.
"Default" networks and other default objects are not removable

1. Access Rules first, or at least remove the Object from the Rule if you want to keep the Rule.
2. Repeat with System Policy Rules. You can't delete the Rule, you just remove the offending Object from the Rule.  #14 needs to keep From: Localhost and To:IP Sec Remote Gateways, External   #15 needs to keep From: IPSec Remote Gateways, External and To: Localhost
3. Then remove from the Network Objects in the Toolbox which is visible when Firewall Policy Node is selected
4. Then lastly remove the actual Network in the Configuration--->Networks--->Network Tab

Basically it all has to be done in the reverse order that it was all created in.

I may have missed some things in the above post.  But anyway, it just comes down to the fact that there are dependencies and everything has to be "undone" in the order it was done it.  I don't have any similar setups here to work with,..I cannot give you a step-by-step without screwing it up somewhere along the way,...you just have to undo everything in the proper order,...so you just have to stop and think the process through.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now