ISA 2006: how can I remove remote site network from system firewall policy?

I'm having trouble deleting a site-to-site VPN. Both sites have ISA 2006 and somehow at my HQ site the remote network ended up in my system firewall rules (rules 14 and 15). Since the remote network is defined in the rule, it doesn't allow deleting the site-to-site VPN and consequently deleting the remote network. When I want to remove this network from the system policy rule 'Allow VPN site-to-site traffic to ISA Server', the from/listener list is grayed out.

By the same token, system policy rule 15 'Allow VPN site-to-site traffic from ISA Server' has the same network and it cannot be removed either.

dchorobski Asked:

pwindell Commented:
System Policies are not numbered.
Access Rules, Cache Rules, and Network Rules are numbered.

System Policies and Access Rules are not the same thing.  Which one are you really dealing with?
dchorobski Author Commented:
"Allow VPN site-to-site traffic to ISA Server" and "Allow VPN site-to-site traffic from ISA Server". They can be seen once you select 'Show System Policy Rules'.
pwindell Commented:
OK, yes, I see now... yes, those are numbered.

Everything has to be deleted in the right order.
"Default" networks and other default objects are not removable.

1. Access Rules first, or at least remove the Object from the Rule if you want to keep the Rule.
2. Repeat with System Policy Rules. You can't delete the Rule, you just remove the offending Object from the Rule.
   - #14 needs to keep From: Localhost and To: IPSec Remote Gateways, External
   - #15 needs to keep From: IPSec Remote Gateways, External and To: Localhost
3. Then remove from the Network Objects in the Toolbox, which is visible when the Firewall Policy node is selected.
4. Then lastly remove the actual Network in Configuration -> Networks -> Network tab.

Basically it all has to be done in the reverse order that it was all created in.


pwindell Commented:
I may have missed some things in the above post. But anyway, it just comes down to the fact that there are dependencies and everything has to be "undone" in the order it was done in. I don't have any similar setups here to work with. I cannot give you a step-by-step without screwing it up somewhere along the way. You just have to undo everything in the proper order, so you just have to stop and think the process through.