• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

need to enable IP routing

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> need to enable IP routing Page: [1]
Login
Message << Older Topic   Newer Topic >>
need to enable IP routing - 5.Feb.2004 8:40:00 PM   
eots

 

Posts: 33
Joined: 5.Feb.2004
Status: offline
Where did MS hide the "Enable IP Routing" option that used to be available under Access Policies/IP Packet Filters in ISA2000?

I want to allow firewall clients behind ISA2004 to ping and traceroute remote addresses, but changing the network rule from NAT to Route doesn't work.
Post #: 1
RE: need to enable IP routing - 6.Feb.2004 12:27:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Eots,

You still need to make clients SecureNAT clients to use non-TCP/UDP protocols, because the Firewall client software only intercepts Winsock TCP and UDP requests.

HTH,
Tom

(in reply to eots)
Post #: 2
RE: need to enable IP routing - 6.Feb.2004 5:12:00 AM   
Guest
ISA Server -> Configuration -> General -> Define IP Preferences -> IP Routing

(in reply to eots)
  Post #: 3
RE: need to enable IP routing - 6.Feb.2004 5:41:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Dmitry,

Changing that value will not enable machines that are not enabled as SecureNAT clients, and only as Firewall clients, to use ICMP. The firewall client only handles Winsock TCP and UDP apps.

Thanks!
Tom

(in reply to eots)
Post #: 4
RE: need to enable IP routing - 6.Feb.2004 2:57:00 PM   
eots

 

Posts: 33
Joined: 5.Feb.2004
Status: offline
Actually I had to change my ISA 2004 firewall policy to UNRESTRICED. I have 2 firewalls and I had no problem performing traceroutes through my ISA 2000 server. After changing the firewall policy I can now traceroute and ping remote addresses.

(in reply to eots)
Post #: 5
RE: need to enable IP routing - 6.Feb.2004 3:40:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Eots,

You can create a firewall policy that allows outbound ICMP echo request and inbound ICMP echo reply, that would be much more secure.

HTH,
Tom

(in reply to eots)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> need to enable IP routing Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts