ISA sever 2000 port oppening

Good Afternoon,

I inherited  an ISA 2000 server and for the most part I have been able to figure out so far but now I have a problem that I don't know how to solve it.
This ISA 2000 server has two network adapter. One that connects to the internet  and another that connect to a external private network. In the one to connect to the external private network, I need to open some ports in order to communicate to a new application. I have been trying create some packet filtering but it has not worked so far.

The application opens from the computer that has the ISA server installed, but If I try to run the application from another computer using a proxy server (Which is the ISA server) I 'm not able to open it.

Thanks for  your help


falvaradAsked:
Who is Participating?
 
serchlopConnect With a Mentor Commented:
You have to enter in access policy - ip packet filter - new filter and follow the wizard to create or open the port you want.

Be carefull with the direction for the port, incoming or outgoing.

Then you have to allow this port in access policy - protocol rules - new rule and follow the wizard again.

This should permit the protocol as you wish. You can verify log files in isa server to ensure traffic pass, it shoul be at c:\program files\microsoft isa server\isalogs, but usually them are pretty large.
0
 
falvaradAuthor Commented:
Thank you for your answer. I have created the ip packet filter. The direction was both (incoming, outgoing). There is also a protocol rules that allow the traffic. As I mentioned before, the computer that have ISA server installed, is able to connect but the computers that are using the ISA server as a proxy are not.

Thanks
0
 
serchlopCommented:
Do you use isa client, proxy configuration, isa server as default gateway?

How do you access the app, with internet explorer? With a client - server app?

This app use https on an non standard port? If yes, maybe you can use isa_tpr.js script to allow the https port in web proxy configuration.
0
 
pwindellCommented:
Undo everything you did.

Forget packet filters,...wipe the term "packet filter" from your vocabulary.  Put everything back the way it was before you began or you are going to have one big screwed up mess.

Wipe the term "opening a port" from your vocabulary,..there is just simply no such thing as "opening a port" with ISA (any version)

ISA2000 operates via two types of Access Rules.  It requires both types at the same time in order for traffic to pass.

1. Protocol Rules

2. Site and Content Rules

Protocols Rules define what protocols the user is allowed to use.  It does not specify from where,..or to where.  It only defines what protocol can be used.

Site and Content Rules define where you can go and from where you come from.  It can also define content restrictions when HTTP is being used,...but that is rarely used.  So in the end it usually amounts to be a "Site rule" that determines your destination that is allowed.

Most people always just opened the Site Rule to the full Internet (External) and never touched it again. then they used the Protocol Rules to actually control the user's access.

The order that Rules appear in on the list are completely irrelevant.  Anonymous Rule are always processed before Authenticated Rules,....and Deny Rules are always processed before Allow Rules.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.