Welcome to ISAserver.org

Need help opening port, back to back isa

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> General >> Need help opening port, back to back isa

Page: [1]

Message

<< Older Topic Newer Topic >>

Need help opening port, back to back isa - 29.Jul.2008 2:02:51 PM

mwesol

Posts: 3
Joined: 29.Jul.2008
Status: offline

How do I open port 15425 in a back to back isa config?

ISA 1

Nic 1: Internet Feed

Nic 2: DMZ 192.168.163.1

ISA 2

Nic 1: DMZ 192.168.163.250

Nic 2: Internal

Basicaly I need port 15425 open from ISA 1 and have it point to a machine in the internal network.

I created a protcol on ISA 1 caled PORT15425 and created a access rule to allow External to Internal using protcol PORT15425 but that didn't work.

What am I doing wrong

Thanks
Mike

Post #: 1

Featured Links*

RE: Need help opening port, back to back isa - 29.Jul.2008 3:41:27 PM

Rotorblade

Posts: 973
Joined: 27.Feb.2007
Status: offline

To answer, it would depend on the network relation (route vs NAT) on the backend ISA firewall but at minimum you will need to use server publishing to accomplish your task. If both ISA�s are configured in a NAT relationship, you will need to configure server publishing rules on both the front end and back end ISA�s. In a route relationship, an access rule can be used on the back end and server publishing on the front end.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to mwesol)

Post #: 2

RE: Need help opening port, back to back isa - 29.Jul.2008 3:48:46 PM

mwesol

Posts: 3
Joined: 29.Jul.2008
Status: offline

Yes both configured as NAT.

So on ISA 1

publish the external server that needs port 15425 open to Internal?

then on ISA 2

publish internal server from external?

Guess I am not following

newbie on ISA

Thanks
Mike

(in reply to Rotorblade)

Post #: 3

RE: Need help opening port, back to back isa - 30.Jul.2008 1:57:18 PM

Rotorblade

Posts: 973
Joined: 27.Feb.2007
Status: offline

quote:

So on ISA 1

publish the external server that needs port 15425 open to Internal?

I�ll try to give you a quick �How To�. You may want to read up ISA Server publishing works and there should be some good tutorial articles on this site to help you with that task.

Basically,

You need to define the user-defined protocol on both ISA�s (BTW, we don�t open ports in ISA, you grant access through Web publishing, Server publishing and Access rules.)

On ISA 1, create a server publishing rule that listens from anywhere (from) and specify the server to be published on the (To) tab the IP address of ISA 2�s external IP address. The option �Requests appear to come from the ISA server will need to be selected�

On the traffic tab, select the user-defined protocol that you defined.

On the networks tab, you want to be listening for requests on the external network.

On ISA 2, do as the same as you did on ISA 1 but change the server to be published IP with the IP of the published server on the internal network.

That should get you going.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to mwesol)

Post #: 4

RE: Need help opening port, back to back isa - 31.Jul.2008 11:31:38 AM

gbarnas

Posts: 147
Joined: 27.Apr.2005
From: New Jersey
Status: offline

This process works quite well - I've published an internal SSH server in a back to back configuration a few weeks ago and it was fairly painless. The concept may be harder than the implementation. ;) The only thing I'd add is:

Publish your internal application on the back firewall first, and use a computer in the DMZ to verify that it works properly.

Once it's working, publish the Back Firewall's "published service" on the Front Firewall and test from an external source.

Think of it as double-publishing - the back firewall publishes the actual service, while the front firewall publishes the back firewall's external listener.

Glenn

(in reply to Rotorblade)

Post #: 5