Welcome to ISAserver.org

Site to Site Firewall Policy

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> VPN >> Site to Site Firewall Policy

Page: [1]

Message

<< Older Topic Newer Topic >>

Site to Site Firewall Policy - 11.Jun.2008 2:29:38 PM

zoro

Posts: 6
Joined: 3.Jun.2008
Status: offline

Hi,

I have few Site to Site Firewall rules in place from central site to branch offices and all works fine. One of the other sites is ISA 2004 Std. as well, while the other sites are with third party HW firewall.
At the moment, I have firewall rules between sites that has ISA's built in All Users allowed in both direction to authenticate.
I wanted to restrict this and I did change from All Users to Domain Users and then I was not able to do anything, not even ping the other end. Then, I added Network and System Services and still the same.
It works OK, if I put back All Users only.

If anyone can tell me what I am I missing here?

Thanks,

Zorao

Post #: 1

Featured Links*

RE: Site to Site Firewall Policy - 11.Jun.2008 5:14:06 PM

paulo.oliveira

Posts: 820
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline

Hi Zorao,

I would advice you to let All Users. Because, if you set Domain users, all packets who is going to you branch office ISA will require authentication. But you can�t make ping command to authenticate and so many others.

PS: check the ISA logs and you will see something like "ISA can�t fullfil the request..."

Regards,
Paulo Oliveira.

(in reply to zoro)

Post #: 2

RE: Site to Site Firewall Policy - 12.Jun.2008 9:27:50 AM

zoro

Posts: 6
Joined: 3.Jun.2008
Status: offline

Paulo,

Thanks a lot on your prompt answer. I did look in ISA log files and windows log files and was not able to find such an error.
Anyway, this answer was what I was looking for. So, I'll leave as it is .

Thanks again,

Zoro

(in reply to zoro)

Post #: 3

RE: Site to Site Firewall Policy - 12.Jun.2008 10:41:27 AM