Welcome to ISAserver.org

open UPD port

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> open UPD port

Page: [1]

Message

<< Older Topic Newer Topic >>

open UPD port - 20.Oct.2003 4:27:00 AM

tanh81

Posts: 5
Joined: 20.Oct.2003
Status: offline

I want open UDP port 5060, but i already create Protocol define and add it on access policy, i still cant go through this port.
pls help.
Thanks.

Post #: 1

Featured Links*

RE: open UPD port - 20.Oct.2003 8:29:00 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi tanh,

what are the exact details of the protocol definition? Also, how did you test it?

HTH,
Stefaan

(in reply to tanh81)

Post #: 2

RE: open UPD port - 21.Oct.2003 9:40:00 AM

tanh81

Posts: 5
Joined: 20.Oct.2003
Status: offline

i'm define SIP protocol using UDP port 5060. Add SIP on access policy. then i'm using a SIP client to connect SIP server by SIP protocol.
When i running SIP client, it alert that firewall has block port UDP:5060.

i dont no why? pls help! Thanks!

(in reply to tanh81)

Post #: 3

RE: open UPD port - 21.Oct.2003 10:04:00 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi tanh,

I have no first hand experience with SIP! But in general you need to know the *exact* protocol details for creating the necessary protocol definition.

Try with an open protocol (all IP traffic, any request) and an open site&content (all destinations, any content, any request) rule first and make sure the Firewall client is installed. Analyze then the ISA Firewall and IP packet filter log.

If it still doesn't work, study thoroughly the relevant RFC's and take a netmon trace at the ISA external interface to find out what is really happening on the wire.

HTH,
Stefaan

(in reply to tanh81)

Post #: 4

RE: open UPD port - 22.Oct.2003 4:02:00 AM

tanh81

Posts: 5
Joined: 20.Oct.2003
Status: offline

hi,
thanks for your advices

I also opened all ip traffic, all content site but the result is the same. the clien still alerted "firewall block UDP:5060"! [Confused]

What happen???

[ October 22, 2003, 04:03 AM: Message edited by: tanh ]

(in reply to tanh81)

Post #: 5

RE: open UPD port - 22.Oct.2003 5:20:00 PM

ducle

Posts: 24
Joined: 16.Jun.2002
Status: offline

Where do you get the netmon trace tools?

(in reply to tanh81)

Post #: 6

RE: open UPD port - 22.Oct.2003 9:18:00 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi tanh,

... but what are the ISA logs telling you?

HTH,
Stefaan

(in reply to tanh81)

Post #: 7

RE: open UPD port - 22.Oct.2003 9:20:00 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Duc,

it is a W2K buildin feature. Check out the W2K helpfile for more info.

HTH,
Stefaan

(in reply to tanh81)

Post #: 8

RE: open UPD port - 23.Oct.2003 3:12:00 AM

tanh81

Posts: 5
Joined: 20.Oct.2003
Status: offline

thanks,

i also check log file of ISA server: it didn't have information relation with UDP:5060

(in reply to tanh81)

Post #: 9

RE: open UPD port - 23.Oct.2003 8:29:00 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi tanh,

please post an excerpt of the ISA Firewall log and IP Packet Filter log. Just make sure the firewall client was installed on the client, you have an open protocol and site&content rule, you have enabled on ISA the logging of all fields and the log format is set to ISA.

Also, give us the IP address of the internal client and the IP address of the destination you want to connect to.

HTH,
Stefaan

(in reply to tanh81)

Post #: 10