ISA 2006: how can I remove remote site network from system firewall policy?

Posted on 2011-10-06
Last Modified: 2012-12-16
I'm having trouble deleting a site-to-site VPN. Both sites have ISA 2006, and somehow at my HQ site the remote network ended up in my system firewall rules (rules 14 and 15). Since the remote network is defined in the rule, it doesn't allow deleting the site-to-site VPN and consequently deleting the remote network. When I want to remove this network from the system policy rule 'Allow VPN site-to-site traffic to ISA Server', the from/listener list is grayed out.

By the same token, system policy rule 15 'Allow VPN site-to-site traffic from ISA Server' has the same network, and it cannot be removed either.
Question by:dchorobski

    Expert Comment

    System Policies are not numbered.
    Access Rules, Cache Rules, and Network Rules are numbered.

    System Policies and Access Rules are not the same thing.  Which one are you really dealing with?

    Author Comment

    "Allow VPN site-to-site traffic to ISA Server" and "Allow VPN site-to-site traffic from ISA Server". They can be seen once you select 'Show System Policy Rules'

    Accepted Solution

    Ok, yes, I see now. Yes, those are numbered.

    Everything has to be deleted in the right order.
    "Default" networks and other default objects are not removable.

    1. Access Rules first, or at least remove the Object from the Rule if you want to keep the Rule.
    2. Repeat with System Policy Rules. You can't delete the Rule; you just remove the offending Object from the Rule.
       - #14 needs to keep From: Localhost and To: IPSec Remote Gateways, External
       - #15 needs to keep From: IPSec Remote Gateways, External and To: Localhost
    3. Then remove from the Network Objects in the Toolbox which is visible when Firewall Policy Node is selected
    4. Then lastly remove the actual Network in the Configuration--->Networks--->Network Tab

    Basically it all has to be done in the reverse order that it was all created in.


    Expert Comment

    I may have missed some things in the above post. But anyway, it just comes down to the fact that there are dependencies and everything has to be "undone" in the order it was done in. I don't have any similar setups here to work with, so I cannot give you a step-by-step without screwing it up somewhere along the way. You just have to undo everything in the proper order; you just have to stop and think the process through.
