ISA Server 2000 port opening

Posted on 2011-10-10
Last Modified: 2013-12-06
Good Afternoon,

I inherited an ISA 2000 server and for the most part I have been able to figure it out so far, but now I have a problem that I don't know how to solve.
This ISA 2000 server has two network adapters: one that connects to the internet and another that connects to an external private network. On the one that connects to the external private network, I need to open some ports in order to communicate with a new application. I have been trying to create some packet filtering, but it has not worked so far.

The application opens from the computer that has the ISA server installed, but if I try to run the application from another computer using a proxy server (which is the ISA server), I'm not able to open it.

Thanks for your help


Question by:falvarad
Accepted Solution

by:
serchlop earned 2000 total points
ID: 36945542
You have to enter in access policy - ip packet filter - new filter and follow the wizard to create or open the port you want.

Be careful with the direction for the port, incoming or outgoing.

Then you have to allow this port in access policy - protocol rules - new rule and follow the wizard again.

This should permit the protocol as you wish. You can verify the log files in ISA Server to ensure traffic passes; they should be at c:\program files\microsoft isa server\isalogs, but usually they are pretty large.

Author Comment

by:falvarad
ID: 36948801
Thank you for your answer. I have created the IP packet filter. The direction was both (incoming, outgoing). There is also a protocol rule that allows the traffic. As I mentioned before, the computer that has ISA server installed is able to connect, but the computers that are using the ISA server as a proxy are not.

Thanks

Expert Comment

by:serchlop
ID: 36950877
Do you use the ISA client, proxy configuration, or ISA server as default gateway?

How do you access the app, with Internet Explorer? With a client-server app?

Does this app use HTTPS on a non-standard port? If yes, maybe you can use the isa_tpr.js script to allow the HTTPS port in the web proxy configuration.

Expert Comment

by:pwindell
ID: 36982271
Undo everything you did.

Forget packet filters,...wipe the term "packet filter" from your vocabulary.  Put everything back the way it was before you began or you are going to have one big screwed up mess.

Wipe the term "opening a port" from your vocabulary,..there is just simply no such thing as "opening a port" with ISA (any version)

ISA2000 operates via two types of Access Rules.  It requires both types at the same time in order for traffic to pass.

1. Protocol Rules

2. Site and Content Rules

Protocol Rules define what protocols the user is allowed to use.  It does not specify from where,..or to where.  It only defines what protocol can be used.

Site and Content Rules define where you can go and from where you come from.  It can also define content restrictions when HTTP is being used,...but that is rarely used.  So in the end it usually amounts to be a "Site rule" that determines your destination that is allowed.

Most people always just opened the Site Rule to the full Internet (External) and never touched it again. Then they used the Protocol Rules to actually control the user's access.

The order that Rules appear in on the list is completely irrelevant.  Anonymous Rules are always processed before Authenticated Rules,....and Deny Rules are always processed before Allow Rules.
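
The two-rule model described in the answer above, as an added Python sketch that is not part of the original thread and is not ISA Server's own logic: a request passes only when both a Protocol Rule and a Site and Content Rule allow it, deny beats allow, and list order plays no part. The class names, protocol names and destination-set names are hypothetical, and the anonymous/authenticated split and content restrictions are left out.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class ProtocolRule:
    action: str            # "allow" or "deny"
    protocols: frozenset   # protocol definitions the rule covers

@dataclass(frozen=True)
class SiteContentRule:
    action: str              # "allow" or "deny"
    destinations: frozenset  # destination sets the rule covers

def _verdict(rules, matches):
    """Deny rules win over allow rules; list position is never consulted."""
    hits = {r.action for r in rules if matches(r)}
    if "deny" in hits:
        return "deny"
    return "allow" if "allow" in hits else "no-match"

def evaluate(protocol, destination, protocol_rules, site_rules):
    """Traffic passes only when BOTH rule types allow it."""
    p = _verdict(protocol_rules, lambda r: protocol in r.protocols)
    s = _verdict(site_rules, lambda r: destination in r.destinations)
    return {"protocol": p, "site": s, "allowed": p == "allow" and s == "allow"}

# Constructed sample policy; every name below is hypothetical.
PROTOCOL_RULES = [
    ProtocolRule("allow", frozenset({"HTTP", "HTTPS"})),
    ProtocolRule("allow", frozenset({"NewApp"})),
    ProtocolRule("deny", frozenset({"Telnet"})),
    ProtocolRule("allow", frozenset({"Telnet"})),
]
SITE_RULES = [SiteContentRule("allow", frozenset({"Internet"}))]

def order_independent(protocol, destination):
    """True if every ordering of the protocol rules gives the same answer."""
    results = {evaluate(protocol, destination, list(p), SITE_RULES)["allowed"]
               for p in permutations(PROTOCOL_RULES)}
    return len(results) == 1

if __name__ == "__main__":
    # A protocol rule exists, but no site rule covers this destination set.
    print(evaluate("NewApp", "PartnerNet", PROTOCOL_RULES, SITE_RULES))
    print(evaluate("NewApp", "Internet", PROTOCOL_RULES, SITE_RULES))
    print(evaluate("Telnet", "Internet", PROTOCOL_RULES, SITE_RULES))
```

The per-rule-type verdict in the returned dictionary shows which of the two rule types is the one blocking a request, which is the first thing to check when an allow rule appears to have no effect.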