Windows 2003 and ISA Install with hotfix 255
Windows 2003 and ISA Install with hotfix 255 - 19.Aug.2003 6:47:00 AM
Colter
Posts: 4
Joined: 19.Aug.2003
From: Austin
Status: offline
I have completed an ISA 2000 Server install with the respective patches that are needed. I am getting no errors in my event viewer and 2003 is booting up smoothly. Usually, after an install on 2000, I am blocked on all outgoing and incoming ports. After this 2003 install all ports are open. I am testing this installation in a NAT environment as a standalone webserver. I have a hardware device that is providing the port forwarding to the 2003 server. The packets aren't stopping at the 2003 server, as I am able to connect to multiple ports. What steps should I take next to fix this issue and make ISA active, as it is installed and looks fine but is not doing its job? Thanks in advance.
Colter

RE: Windows 2003 and ISA Install with hotfix 255 - 19.Aug.2003 3:40:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Colter,
Perhaps you could elaborate on what you mean by "all ports are open" (from where are you scanning open ports?) and "installing in a NAT environment" (do you mean by this that you are putting ISA behind a NAT?).
Thanks,
Bill

RE: Windows 2003 and ISA Install with hotfix 255 - 19.Aug.2003 4:34:00 PM
Colter
Posts: 4
Joined: 19.Aug.2003
From: Austin
Status: offline
Bill,
Thanks for the reply, let me give you a little more info as I hope that helps. I am setting up a server within a NAT environment. This server is Windows 2003 with ISA 2000 with hotfix 255. I have two network interfaces, one enabled, one disabled. I only need one interface to work, as this machine is going to be set up to be a commercial webserver. This webserver will only have ONE live IP address. I am setting it up within our NAT environment to get it ready for deployment. Once deployed I will change it to the live IP address.
During the install of ISA onto the Windows 2003 server I installed in Firewall Mode (as that is all that is needed to protect the webserver). When asked to construct the LAT table, I used the internal IP address that this machine has now, 192.168.1.100, and the future live IP address it will have. Routing and Remote Access will not be used on this machine.
I have completed the full install, and on the previous ISA installs I have worked on, all ports were closed and I would have to open them to make them work. Before I even touch ISA all ports are open, which means I can connect to, let's say, Terminal Services even though I have not made a rule allowing that port to be open. This shows me that the Firewall Service isn't even working. There are no errors in the event log and I am stumped as to why ISA is not working. Thanks for the help.
Colter

RE: Windows 2003 and ISA Install with hotfix 255 - 19.Aug.2003 4:39:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Colter,
What functionality do you want from ISA Server in your scenario?
Bill

RE: Windows 2003 and ISA Install with hotfix 255 - 19.Aug.2003 5:14:00 PM
Colter
Posts: 4
Joined: 19.Aug.2003
From: Austin
Status: offline
I want ISA to protect my server as a firewall. That's all I need. All webpages are on the machine so I will need no port forwarding. I want to be able to restrict the ports used on my server, only allowing SSL, HTTP, FTP and Terminal Services. I would like to allow IP-based security so only certain IPs can make it to the Terminal Services port. This is going to be a production machine hosting ecommerce sites so I need it to be secure. I used BlackICE Server before, which is a weak program. I would like log functionality as well.
I want it to be one machine, one IP, with firewall protection.
Colter

RE: Windows 2003 and ISA Install with hotfix 255 - 19.Aug.2003 6:07:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Colter,
ISA Server is not well-suited to this scenario. Use built-in Windows 2000 packet filtering instead. I don't know if installing ISA Server in integrated mode with only one active NIC is unsupported, but it's certainly non-standard and may be problematic.
HTH,
Bill

RE: Windows 2003 and ISA Install with hotfix 255 - 19.Aug.2003 6:18:00 PM
Colter
Posts: 4
Joined: 19.Aug.2003
From: Austin
Status: offline
Bill,
I installed in Firewall mode and not integrated mode. So this software won't work as a basic firewall system? Is Windows 2003 security secure enough to packet filter?
Colter

RE: Windows 2003 and ISA Install with hotfix 255 - 19.Aug.2003 8:47:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Colter,
As I see it, the problem in your scenario is that you're wanting ISA Server to behave in a non-standard manner. As a firewall, ISA Server is designed to provide network access via two interfaces: The inside interface is connected to a trusted network (specified by the LAT), and the outside interface is connected to an untrusted network (the Internet, usually). If you want to block traffic on a machine with a single interface, you can use the built-in Windows packet filtering. You don't need ISA to do that.
ISA Server is a "killer app" for many organizations because it can enforce user- and group-level access control on individual protocols, along with schedules, etc.
HTH,
Bill
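
The inside/outside split Bill describes, modelled as an added example (not part of the thread and not ISA Server code). It assumes, as a simplification, that port rules are applied only on an interface whose address is outside the LAT; the function names, the stand-in live IP 203.0.113.10 and the admin range 198.51.100.0/24 are constructed for illustration.

```python
import ipaddress

def in_ranges(addr, ranges):
    """True if addr falls inside any of the given CIDR ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(r) for r in ranges)

def classify(interfaces, lat):
    """Label each enabled interface: address in the LAT -> internal, else external."""
    return {name: "internal" if in_ranges(addr, lat) else "external"
            for name, addr in interfaces.items()}

def decide(iface, src, dport, interfaces, lat, policy):
    """Simplified model (assumption): port rules apply only on external interfaces."""
    if classify(interfaces, lat)[iface] == "internal":
        return "unfiltered"          # trusted side: no port rule is consulted
    if dport not in policy:
        return "drop"                # no rule for this port
    sources = policy[dport]          # None means any source may connect
    return "allow" if sources is None or in_ranges(src, sources) else "drop"

# Constructed values: 203.0.113.10 stands in for the unnamed future live IP,
# 198.51.100.0/24 for the administrators allowed to reach Terminal Services.
POLICY = {80: None, 443: None, 21: None, 3389: ["198.51.100.0/24"]}

# Setup described in the thread: one enabled NIC, both of its addresses in the LAT.
THREAD_IFACES = {"nic1": "192.168.1.100"}
THREAD_LAT = ["192.168.1.100/32", "203.0.113.10/32"]

# Two-interface layout Bill describes: LAT covers only the inside network.
DUAL_IFACES = {"inside": "192.168.1.100", "outside": "203.0.113.10"}
DUAL_LAT = ["192.168.1.0/24"]

if __name__ == "__main__":
    print(classify(THREAD_IFACES, THREAD_LAT))
    print(decide("nic1", "192.168.1.50", 3389, THREAD_IFACES, THREAD_LAT, POLICY))
    print(classify(DUAL_IFACES, DUAL_LAT))
    for src, port in [("192.0.2.7", 3389), ("198.51.100.20", 3389), ("192.0.2.7", 445)]:
        print(src, port, decide("outside", src, port, DUAL_IFACES, DUAL_LAT, POLICY))
```

With the single-NIC LAT there is no external interface at all, so no port rule is ever consulted in this model; the two-interface layout is the one in which the Terminal Services source restriction takes effect.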

RE: Windows 2003 and ISA Install with hotfix 255 - 20.Aug.2003 12:06:00 AM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Stefaan,
That's a great pointer!
Thanks!
Bill