SBS SP1 server gets ping response, client does not

Guest -> SBS SP1 server gets ping response, client does not (2.Aug.2005 8:52:00 AM)

Just upgraded to SBS 2003 SP1. First of all found that I could no longer connect my PPTP VPNs from my client PC to other sites. Rooted around in the policy and added 'Internal' to the from/listener to the "SBS PPTP outbound Access Rule" and it now works.

Now I find that I can ping (say) www.google.com from the server console but not from my PC even with FWC enabled (or disabled!)

Had a bit of a google around but can't find anything except 'enable IP routing' which is already enabled.

Set up logging to the destination IP and the result is 'denied connection' referring to the rule "SBS Internet Access Rule".

Not sure what to check next!

Thanks
Ian




tshinder -> RE: SBS SP1 server gets ping response, client does not (2.Aug.2005 9:57:00 AM)

Hi Ian,

1. Don't change the System Policy for PPTP -- create an Access Rule that allows PPTP outbound from Internal to External

2. For ping to work from an Internal Network client, you need to create an Access Rule allowing Ping from Internal to External AND the client must be configured as a SecureNAT client

3. IP Routing is enabled by default

4. I'll have to check on what the "SBS Internet Access Rule" does, but the protocols allowed will appear in the Firewall policy list

HTH,
Tom




Guest -> RE: SBS SP1 server gets ping response, client does not (2.Aug.2005 11:34:00 AM)

Great, that has fixed it. Thanks for the help. (I changed the PPTP rule too).

Now back to ploughing through your ISA book [Smile]

Ian




tshinder -> RE: SBS SP1 server gets ping response, client does not (2.Aug.2005 11:59:00 AM)

Hi Ian,

Great! Good to hear you got it working and thanks for the follow up!

Tom




jonathan_vella -> RE: SBS SP1 server gets ping response, client does not (4.Aug.2005 1:21:00 AM)

Hi Tom,

By default the "SBS Internet Access Rule" gives "All outbound access" to all users in the group Internet Access on an SBS2003 machine.
The first thing I do when setting up an SBS03 box is to reconfigure this rule to only allow HTTP / HTTPS / FTP access.

Regards,

Jonathan




tshinder -> RE: SBS SP1 server gets ping response, client does not (4.Aug.2005 9:23:00 AM)

Hi Jonathan,

That's an excellent security move!

I would take it even one step further, and remove the HTTPS access. Then create a separate rule that allows HTTP access only to approved sites.

Thanks!
Tom



