RE: ping through isa server 2k4

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sat, 23 Oct 2004 17:35:15 -0700

Actually, many of them are...
<sigh>

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Saturday, October 23, 2004 10:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ping through isa server 2k4

http://www.ISAserver.org

I've noticed a number of this kind of KBs lately. Are they being farmed
out?
Analysis of KB:


INTRODUCTION
This article describes how to configure secure network address
translation (SecureNAT) in Microsoft Internet Security and Acceleration
(ISA) Server 2004 to pass Internet Control Message Protocol (ICMP)
packets between internal hosts and external hosts.
>>TOM: We are discussing sending ping between a Protected Network host
and a host on a non-Protected Network. OK.  The term "internal" is now a
bit of a misnomer since there's no LAT and no hard-coded
"internal/external" definitions -- there's just different Network types.


MORE INFORMATION
In ISA Server 2004, the ICMP proxy is turned on only if the ISA Server
computer has Internet Protocol (IP) routing turned on, and if there is a
corresponding system policy setting that permits the external adapter on
the ISA Server 2004 computer to send and receive ICMP packets.
>>TOM: The ISA firewall doesn't "proxy" ICMP. It doesn't recreate the
ICMP communication like a Proxy, its just NATing it.  System Policy
allowing ICMP from the ISA firewall itself is irrelevant, since the
communication is coming from the Protected Network host, and not from
the ISA firewall itself. The issuing isn't sending and receiving from
the ISA firewall, its sending and receiving from the Protected Network
host.

Note The Allow ICMP requests from ISA server to selected servers system
policy setting is pre-configured when you install ISA Server 2004. 
>>TOM: The default System Policy allows ICMP Information requests, ICMP
Timestamp, and Ping from the Local Host Network to All Networks (and
Local Host Network). Not what I would call "selected servers"

To turn on IP routing, follow these steps:
1. Click Start, point to Programs, point to Microsoft ISA Server, and
then click ISA Server Management. 
>>TOM: IP Routing is enabled by default.
2. In the ISA Server Management console tree, expand ISAServer, where
ISAServer is the name of the ISA Server that you want. 
3. Expand Configuration, and then click General. 
4. In the details pane, click Define IP Preferences under Additional
Security Policy. 
5. In IP Preferences, click the IP Routing tab. 
6. Click to select the Enable IP routing check box, and then click OK.  


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Saturday, October 23, 2004 1:43 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ping through isa server 2k4

http://www.ISAserver.org

Who the @#^#@$ wrote that KB?
"ICMP Proxy"?!?
"permits the external adapter to send and receive ICMP
packets"?!?!?!?!?!?

..did anyone else notice the glaring lack of another somewhat important
piece of information?

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: Watts, Jeb [mailto:Jwatts@xxxxxxxxxxx] 
Sent: Friday, October 22, 2004 9:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ping through isa server 2k4

http://www.ISAserver.org

Take a look at this article and see if this is what you want.
 
http://www.kbalertz.com/kb_838251.aspx
 
Jeb

________________________________

From: Nick Holmes [mailto:nick_holmes@xxxxxxxxxxxxxxxx] 
Sent: Friday, October 22, 2004 7:13 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ping through isa server 2k4


http://www.ISAserver.org


Hi guys,

I enabled all System policy rules in ISA 2004 and still not able to ping
a machine through isa server, i.e. from the internet.  Even if i ran a
traceroute, they all time out.. any idea ?

 

Regards,

Nick Holmes.


 

________________________________

Free, simple, fast, memorable email 
Become you@xxxxxxxxxxxxxxxx at http://www.emailaccount.com/
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jwatts@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4
• » RE: ping through isa server 2k4

1. Home
2. isalist
3. Archive
4. 10-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---