I have few Site to Site Firewall rules in place from central site to branch offices and all works fine. One of the other sites is ISA 2004 Std. as well, while the other sites are with third party HW firewall. At the moment, I have firewall rules between sites that has ISA's built in All Users allowed in both direction to authenticate. I wanted to restrict this and I did change from All Users to Domain Users and then I was not able to do anything, not even ping the other end. Then, I added Network and System Services and still the same. It works OK, if I put back All Users only.
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Zorao,
I would advice you to let All Users. Because, if you set Domain users, all packets who is going to you branch office ISA will require authentication. But you canīt make ping command to authenticate and so many others.
PS: check the ISA logs and you will see something like "ISA canīt fullfil the request..."
Thanks a lot on your prompt answer. I did look in ISA log files and windows log files and was not able to find such an error. Anyway, this answer was what I was looking for. So, I'll leave as it is .
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Site to Site Firewall Policy 
Site to Site Firewall Policy - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread