Allow someone in to a PC in our n/w

[vsamudio]

We are a medical facility.
we have a PC where we store x-ray images on and transfer them to a doc, via the web (not a problem)throuh a programm called Efilm.
We are able to see the Docs server and access his Efilm , but the doc' server cannot see us.(they are behind a firewall).
on the isa i've set up the port for tcp out and UDP bothways.
The Doc's tech says he can't even ping us,
but from a PC not on a firewall he can.
so apparentlly ISA doesn't want to bee seen by a private address behind a public addrees. (spooffing I belive is called)
what/how can it be set up where i can be seen and pinged by the Doc's office.
not very familiar with ISA so be gentle.
V

 

[paul123456]

By default icmp blocks ping request...under your protocol definitions you can chnage this..but if someone in another network once access to your network set up a vpn server.

Thanks, PAUL

 

[Knutern]

Hi there,

the use of VPN server is one way. Another way would be to allow incoming TCP 443 (HTTPS) to a designated Server. This would be a Web Publishing Rule. Also, make sure only secure access is allowed.

Then, to tighten things up, the site would require SSL and Client Certificate. Lastly, Enable Client Certificate Mapping to the account(s) that are granted access to the site.

Cheers
Knutern