ISA 2000 server can connect, but no other network computer can

[nexustek]

Hello,

So we have a customer that is running ISA 2000 on a Windows 2000 box and we are having some issues. They have requested that we open up 3 non-standard ports for everyone to be able to use with a website that they are connecting to in the UK (Our customer is in Colorado). So we set up rules to allow traffic from any local port to connect to this site under ports 8179, 8219, and 8220. So now the ISA server itself can connect with no problem, but no other server or desktop can. Any other system can telnet the IP with any standard port, but not those 3. The website host is filtering access based on external IPs and we have verified that they have the right IP. Maybe it's not NATting properly? How can I tell? Please help! I'll answer any questions you may have.

 

[ITPangaeaArchitect]

trying to remember in isa 2k, but for isa 2k4, id say you're missing a web rule allowing access, or have your rules misordered....

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 

[nexustek]

Thanks Brandon.

From what I can tell in ISA2000 you can't order the rules. Also, after researching more I found that ISA2000 will not allow SSL traffic to pass on any other port besides 443 and 568(I think this is the other SSL port). So you have to run VB scripts to change that setting.

In other words ISA2000 sucks.

The sad thing is the company that is using it would rather me spend hours billing them to fix this instead of just purchasing a real firewall. Oh well.

Thanks again!