ISA Server 2000 port opening

Posted on 2011-10-10
Last Modified: 2013-12-06
Good Afternoon,

I inherited an ISA 2000 server and for the most part I have been able to figure it out so far, but now I have a problem that I don't know how to solve.
This ISA 2000 server has two network adapters: one that connects to the internet and another that connects to an external private network. On the one that connects to the external private network, I need to open some ports in order to communicate with a new application. I have been trying to create some packet filters, but it has not worked so far.

The application opens from the computer that has the ISA server installed, but if I try to run the application from another computer using a proxy server (which is the ISA server), I'm not able to open it.

Thanks for your help

Question by: falvarad
    LVL 12

    Accepted Solution

    You have to enter in access policy - ip packet filter - new filter and follow the wizard to create or open the port you want.

    Be careful with the direction for the port, incoming or outgoing.

    Then you have to allow this port in access policy - protocol rules - new rule and follow the wizard again.

    This should permit the protocol as you wish. You can check the log files in ISA Server to ensure the traffic passes; they should be at c:\program files\microsoft isa server\isalogs, but usually they are pretty large.

    Author Comment

    Thank you for your answer. I have created the IP packet filter. The direction was both (incoming, outgoing). There is also a protocol rule that allows the traffic. As I mentioned before, the computer that has ISA server installed is able to connect, but the computers that are using the ISA server as a proxy are not.

    LVL 12

    Expert Comment

    Do you use the ISA client, a proxy configuration, or ISA server as the default gateway?

    How do you access the app, with Internet Explorer? With a client-server app?

    Does this app use HTTPS on a non-standard port? If yes, maybe you can use the isa_tpr.js script to allow the HTTPS port in the web proxy configuration.
    LVL 29

    Expert Comment

    Undo everything you did.

    Forget packet filters,...wipe the term "packet filter" from your vocabulary.  Put everything back the way it was before you began or you are going to have one big screwed up mess.

    Wipe the term "opening a port" from your vocabulary,..there is just simply no such thing as "opening a port" with ISA (any version)

    ISA2000 operates via two types of Access Rules.  It requires both types at the same time in order for traffic to pass.

    1. Protocol Rules

    2. Site and Content Rules

    Protocol Rules define what protocols the user is allowed to use.  They do not specify from where,..or to where.  They only define what protocol can be used.

    Site and Content Rules define where you can go and where you come from.  They can also define content restrictions when HTTP is being used,...but that is rarely used.  So in the end it usually amounts to being a "Site rule" that determines the destination that is allowed.

    Most people always just opened the Site Rule to the full Internet (External) and never touched it again. Then they used the Protocol Rules to actually control the user's access.

    The order that Rules appear in on the list is completely irrelevant.  Anonymous Rules are always processed before Authenticated Rules,....and Deny Rules are always processed before Allow Rules.
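
The rule evaluation described in the comment above, as a small Python model (an added example, not part of the original thread and not ISA Server code). Rule names, protocol names and destination names are constructed sample data, and user-based matching (anonymous versus authenticated) is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "deny"
    covers: frozenset    # protocol names (Protocol Rule) or destinations (Site and Content Rule)

def decide(rules, value):
    """Deny Rules are processed before Allow Rules; list position is ignored."""
    hits = [r for r in rules if value in r.covers]
    for wanted in ("deny", "allow"):
        for r in hits:
            if r.action == wanted:
                return wanted == "allow", f"{wanted} by '{r.name}'"
    # Assumption of this model: nothing matched, so the request is refused.
    return False, "no matching allow rule"

def evaluate(protocol, destination, protocol_rules, site_rules):
    """Traffic passes only when BOTH rule types allow it."""
    p_ok, p_why = decide(protocol_rules, protocol)
    s_ok, s_why = decide(site_rules, destination)
    return p_ok and s_ok, f"protocol: {p_why}; site: {s_why}"

# Constructed sample policy (names are illustrative, not from the thread).
PROTOCOL_RULES = [
    Rule("Allow web and transfer", "allow", frozenset({"HTTP", "HTTPS", "FTP"})),
    Rule("Deny FTP", "deny", frozenset({"FTP"})),
]
SITE_RULES = [
    Rule("Allow Internet", "allow", frozenset({"External"})),
]

if __name__ == "__main__":
    for proto, dest in [("HTTP", "External"), ("FTP", "External"),
                        ("AppProtocol", "External"), ("HTTP", "PartnerNet")]:
        print(proto, dest, evaluate(proto, dest, PROTOCOL_RULES, SITE_RULES))
```

The last two sample requests are refused for opposite reasons: one has a matching Site and Content Rule but no Protocol Rule, the other a Protocol Rule but no Site and Content Rule.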
