• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RIP Traffic

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> RIP Traffic Page: [1]
Message << Older Topic   Newer Topic >>
RIP Traffic - 9.Aug.2006 9:05:47 PM   


Posts: 7
Joined: 9.Aug.2006
From: OC
Status: offline
I'm having trouble allowing RIP traffic to my firewall.  Below is my scenario:

ISA Server 2004 on Windows Server 2003, all patches and service packs installed.  SonicWALL 4060 firewall as default route, RAS server for dial backup for remote sites.  Remote site has Netopia R9120 router, connects via VPN policy to SonicWALL, remote clients use ISA for proxy.  When remote site DSL goes down, Netopia then dials into the RAS server and RIP broadcasts route change.  All servers and clients with RIP Listener installed pick up the change and route traffic accordingly.  The ISA server sees the traffic and logs a Denied Connection.  I've set a rule in ISA that allows protocol RIP to and from All Networks however it is still denied.  There is no rule specified in the monitor for why it is denied, just drops it.

I'm sure I missed something here, any clues out there?
Post #: 1
RE: RIP Traffic - 16.Aug.2006 9:44:24 PM   
ISA Server is not a router and does not directly support routing protocols such
so it cannot listen to rip routers.
you need to install Routing and Remote Access and then create rules.
you shoud check this:

(in reply to mgfirewall)
  Post #: 2
RE: RIP Traffic - 17.Aug.2006 5:13:09 PM   


Posts: 7
Joined: 9.Aug.2006
From: OC
Status: offline
ISA 2004 will listen to RIP traffic and route accordingly. 

First, I should clarify that I do in fact have the RIP listener set up for the appropriate interface in the Routing and Remote Access tool.  Otherwise you would not see any RIP traffic on the ISA server and any rules you set would be ineffective.

I added all columns to my monitor view and got a clue when it posted a deny due to firewall rules.  I started looking closer at my rule to allow the RIP protocol inside my network.  I played a bit with the Networks tab with no joy, then I added the System and Network Services group to the Users Tab.  I had previously just had the All Users group there.  All I can guess is that the RIP listener runs under the local service account.  I do not see anything in the docs that states that you need to add this group when setting protocol specific rules but it does work now.  Thanks to ClintD for your input, that led me on the right path...


< Message edited by mgfirewall -- 17.Aug.2006 5:16:24 PM >

(in reply to mgfirewall)
Post #: 3
RE: RIP Traffic - 17.Aug.2006 9:42:50 PM   
Hi Mike.
I'm glad you solve it.
That was a little bit strange...
thanks for solution.
i never used RIP with ISA.

(in reply to mgfirewall)
  Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> RIP Traffic Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts