I'm having trouble allowing RIP traffic to my firewall. Below is my scenario:
ISA Server 2004 on Windows Server 2003, all patches and service packs installed. SonicWALL 4060 firewall as default route, RAS server for dial backup for remote sites. Remote site has Netopia R9120 router, connects via VPN policy to SonicWALL, remote clients use ISA for proxy. When the remote site DSL goes down, the Netopia then dials into the RAS server and RIP broadcasts the route change. All servers and clients with RIP Listener installed pick up the change and route traffic accordingly. The ISA server sees the traffic and logs a Denied Connection. I've set a rule in ISA that allows protocol RIP to and from All Networks; however, it is still denied. There is no rule specified in the monitor for why it is denied; it just drops it.
I'm sure I missed something here, any clues out there?
ISA 2004 will listen to RIP traffic and route accordingly.
First, I should clarify that I do in fact have the RIP listener set up for the appropriate interface in the Routing and Remote Access tool. Otherwise you would not see any RIP traffic on the ISA server and any rules you set would be ineffective.
I added all columns to my monitor view and got a clue when it posted a deny due to firewall rules. I started looking closer at my rule to allow the RIP protocol inside my network. I played a bit with the Networks tab with no joy, then I added the System and Network Services group to the Users tab. I had previously just had the All Users group there. All I can guess is that the RIP listener runs under the local service account. I do not see anything in the docs that states that you need to add this group when setting protocol-specific rules, but it does work now. Thanks to ClintD for your input, that led me on the right path...
< Message edited by mgfirewall -- 17.Aug.2006 5:16:24 PM >