
Firewall Policies

Firewall Policies - 12.Aug.2004 5:48:00 PM   
ronmcdonald

 

Posts: 38
Joined: 18.Dec.2003
From: Maryland
Status: offline
In my test network I have "remote network(172.16.0.0/16)" attached to my "Internal Network (10.0.1.1/16)" by a router. I have a rule allowing all "Outbound traffic" from "All Protected Networks" to "Local Host" for "All Users" "Always" "All Content".

The problem is the "Remote Network" is still getting "Denied Connection" when trying to access the ISA 2004 server from a PC in the Remote Network. Can access the server from the "Internal Network" without problem. Not sure what I am missing... Monitoring doesn't tell you what rule is denying the connection. Need some help on this one - still learning 2004.

Please advise.
Post #: 1
RE: Firewall Policies - 12.Aug.2004 5:52:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Rono,

What are you trying to accomplish?

Disable your current rule and create a rule that allows outbound from Internal to External.

What are your other design goals?

Thanks!
Tom

(in reply to ronmcdonald)
Post #: 2
RE: Firewall Policies - 12.Aug.2004 7:17:00 PM   
ronmcdonald

 

Posts: 38
Joined: 18.Dec.2003
From: Maryland
Status: offline
Basically - the current rule that I created has allowed me to be able to access the ISA 2K4 server from the "Internal Network" but it has NOT allowed for me to access the ISA 2K4 from remote network, which is all behind the ISA server.

From the "Internal Network" I can ping ISA internal NIC, but can't do that from the Remote Network, and I am not sure why? I have defined the "Remote Network" and the rules say allow all "Protected Networks" access to "Local Host". So my understanding is that I should be able to do the same things from the Internal Network as I can in the Remote Network to manage ISA Server.

From the Remote Network I can access all other servers/clients in the "Internal network" except the ISA Box.

(in reply to ronmcdonald)
Post #: 3
RE: Firewall Policies - 13.Aug.2004 12:08:00 AM   
ronmcdonald

 

Posts: 38
Joined: 18.Dec.2003
From: Maryland
Status: offline
Here is a diagram of the situation - I am just trying to get a PC from the "Remote Network(TestNet2)" to be able to talk to the "Internal NIC" of the ISA server at this stage. I can talk to all machines in 10.0.X.X /16 network from the Remote Network PC except for ISA 2K4.


(in reply to ronmcdonald)
Post #: 4
RE: Firewall Policies - 13.Aug.2004 9:36:00 PM   
ronmcdonald

 

Posts: 38
Joined: 18.Dec.2003
From: Maryland
Status: offline
I figured it out... Yahooooooo!

Instead of defining the network behind the router as a "Remote Network" (but it is really just Internal to ISA 'cause it's still behind ISA). So I deleted the network definition for the "Remote" network and just added the subnet to the "Internal" network definition under the addresses tab, in addition to the already defined subnet.

Voilà... access granted. I guess I just gained some experience points.

[Big Grin]

[ August 13, 2004, 09:37 PM: Message edited by: RONO ]

(in reply to ronmcdonald)
Post #: 5
RE: Firewall Policies - 15.Aug.2004 5:42:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ron,

You got it!

Check out the "Network within a Network" subject in the help file [Smile]

HTH,
Tom

(in reply to ronmcdonald)
Post #: 6
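
The fix reached in this thread, as an added example that is not part of the original posts and not ISA Server code: a small Python model that audits network definitions against the subnets routed behind an adapter. It assumes the firewall binds each adapter to one defined network and denies source addresses that fall outside that network's address ranges; the function names, the sample host 172.16.5.20, and the normalised 10.0.0.0/16 range are constructed for illustration.

```python
import ipaddress

# Constructed from the thread: definitions before and after the fix.
BEFORE = {"Internal": ["10.0.0.0/16"], "Remote": ["172.16.0.0/16"]}
AFTER = {"Internal": ["10.0.0.0/16", "172.16.0.0/16"]}
# Subnets actually reachable through the internal NIC (one sits behind a router).
ROUTED_VIA_INTERNAL_NIC = ["10.0.0.0/16", "172.16.0.0/16"]


def build_networks(defs):
    """Parse {name: [cidr, ...]} into {name: [ip_network, ...]}."""
    return {n: [ipaddress.ip_network(c) for c in cidrs] for n, cidrs in defs.items()}


def classify(src, networks):
    """Return the name of the defined network that contains src, or None."""
    addr = ipaddress.ip_address(src)
    for name, ranges in networks.items():
        if any(addr in r for r in ranges):
            return name
    return None


def check_packet(src, adapter_network, networks):
    """Modelled (assumed) behaviour: rules are evaluated only when the source
    address belongs to the network bound to the adapter it arrived on."""
    owner = classify(src, networks)
    if owner == adapter_network:
        return "evaluate-rules"
    return f"denied: {src} is in {owner!r}, arrived on {adapter_network!r} adapter"


def uncovered_subnets(routed, adapter_network, networks):
    """List routed subnets not fully covered by the adapter's network definition."""
    ranges = networks.get(adapter_network, [])
    return [c for c in routed
            if not any(ipaddress.ip_network(c).subnet_of(r) for r in ranges)]


if __name__ == "__main__":
    for label, defs in (("before", BEFORE), ("after", AFTER)):
        nets = build_networks(defs)
        print(label, check_packet("172.16.5.20", "Internal", nets))
        print(label, "uncovered:",
              uncovered_subnets(ROUTED_VIA_INTERNAL_NIC, "Internal", nets))
```

Running the audit against a routing table export before changing definitions shows which routed subnets still need to be added to the adapter's network.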
