I'm not using any ISA Server yet, but I'm thinking about it. Currently, I'm using a Windows 2000 Server with Routing & RAS service to do NAT, port mapping and DMZ plus a 3rd Party firewall ("Outpost") to do all the filtering. After roughly 700 days of uptime, the Firewall Kernel module gave me a nice BSOD, so I thought, maybe change it. Also, I have another problem that was so far unsolvable with either Outpost firewall rules or the RRAS configuration.
It's like this:
I have a certain game (Supreme Commander) that I need to be able to access the Internet from behind the NAT/FW. So far so good. Now, that game connects from source port 6112 to the online service, which is also listening on destination port 6112. Protocol is TCP.
Now, as soon as that connection traverses the RRAS NAT, RRAS changes the source port from 6112 to something random. So, RRAS would change that source port from 6112 to let's say 9200, and connect from there to that remote destination port 6112.
Now, the problem is that this online service requires the source port to be 6112. Otherwise, it might drop the connection altogether. (If I connect to a person who has no changed source port, it still works. If two players with changed source ports try to play together, it doesn't work.)
So, I need the option to FIX the source ports of outgoing NAT traversal packets to a specific port based on a firewall rule. Like: "If destination of NAT traversal is TCP Port 6112, then fix Source Port to 6112".
Now, is something like that possible with ISA Server 2004?
Thank you very much for reading my lengthy post! :)
Edit: Oh, I hope this is the correct subforum. I was not sure whether to post this in the Firewall or SNAT subforums.
< Message edited by GrandAdmiralThrawn -- 16.Sep.2009 4:10:56 AM >