Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Server Publishing in ISA 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Server Publishing in ISA 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Server Publishing in ISA 2006 - 18.Jul.2007 4:44:20 PM   
swlymer

 

Posts: 12
Joined: 10.Jan.2006
Status: offline 		Hello,

I am trying to determine what is wrong with my server publishing rule for a Centra server. Here is what I have done.

  1. I created an access rule to allow the Centra Srever traffic (TCP port 1709) with a listener on the external interface. 
  2. I then created an allow rule to allow to allow TCP 1709 from external to our internal Centra server

Now when a connection is attempted to Centra the connection is dropped. I see nothing in the ISA logging and netstat does not show TCP port 1709 listening for connections. The server publishing rule and allow rule are enabled and the deny rule is at the bottom of the rule list. If publishing is configured correctly wouldn't netstat show TCP port 1709 listening? That is the way it worked in ISA 2000 which we also use for some server publishing. Am I missing soomething??

Thanks!!

Scot Lymer, CISSP
Solutia IT Security Team
Post #: 1
RE: Server Publishing in ISA 2006 - 23.Jul.2007 10:16:15 AM   
Rotorblade

 

Posts: 973
Joined: 27.Feb.2007
Status: offline 		Hi Scot,


The way it worked in ISA 2000 is not the way it works with ISA 2004. Netstat will not show the connections. Please check out this article: http://support.microsoft.com/kb/838127

HTH
RB

(in reply to swlymer)
Post #: 2
RE: Server Publishing in ISA 2006 - 23.Jul.2007 10:41:13 AM   
Rotorblade

 

Posts: 973
Joined: 27.Feb.2007
Status: offline
quote:


  1. I created an access rule to allow the Centra Srever traffic (TCP port 1709) with a listener on the external interface. 
  2. I then created an allow rule to allow to allow TCP 1709 from external to our internal Centra server



quote:



I created an access rule to allow the Centra Srever traffic (TCP port 1709) with a listener on the external interface. 
I then created an allow rule to allow to allow TCP 1709 from external to our internal Centra server



To address your publishing problem, use Server publishing to create the rule not an access rule Access rules should be used for outbound access and are not generally used for inbound access unless you are routing and allowing perimeter network traffic. You will only need the one server publishing rule and creating a “listener” is used for web not server publishing and is not needed. Your Centra server should be configured as a SecureNAT client or set the server publishing rule requests option to “Requests appear to come from the ISA server”.

HTH

RB

(in reply to Rotorblade)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Server Publishing in ISA 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts