..and the $64K answer was? I imagine there are quite a few folks in the list that would be interested.. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "arun prasadh" <arun_arun@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, June 27, 2002 12:07 AM Subject: [isalist] Re: Allowing ICMP packets through ISA server http://www.ISAserver.org Hi Jim, Thanks a lot. we have solved the problem. Its working fine. Regards Arun ----- Original Message ----- From: "Jim Harrison" <jim@xxxxxxxxxxxx> Date: Wed, 26 Jun 2002 21:46:49 -0700 To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: Allowing ICMP packets through ISA server > http://www.ISAserver.org > > > First of all, allowing ping isn't secure, since it's the most basic of DoS > attacks. > You need to take a look in your event logs and ISA logs; something isn't > right with your server (no duh, huh?). > You can use http://jalojash.org/isascripts/isainfo.vbs to gather all the > basic info about your ISA server and fwd it to the list. > Maybe then that'll have some details... > > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the books! > ----- Original Message ----- > From: arun prasadh > To: [ISAserver.org Discussion List] > Sent: Wednesday, June 26, 2002 9:10 PM > Subject: [isalist] Re: Allowing ICMP packets through ISA server > > > http://www.ISAserver.org > Hi Jim, > > Yes the IP Routing is Enabled .Still it doesnt work what might be the > problem. > > again i have encountered a peculiar problem. > If I stop the firewall service only I am able to ping with the filters > created in the FW enabled . > when the firewall is stopped how the filters inside the firewall is working. > Also if the Packet filter is disabled , even if the FW service is started or > stopped it doesnt allow ping > When i start the FW service with the Packet Enabled it doesnt allow ping or > any ICMP packet. > Is it secure to stop the FW servcie and enable the Packet Filters to enable > to PING . > Thanks > Arun > > ----- Original Message ----- > From: "Jim Harrison" > Date: Wed, 26 Jun 2002 06:31:24 -0700 > To: "[ISAserver.org Discussion List]" > Subject: [isalist] Re: Allowing ICMP packets through ISA server > > > > http://www.ISAserver.org > > > > > > One other possibility; have you selected "Enable IP routing" in IP Packet > > Filters properties? > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/authors/harrison/ > > Read the books! > > ----- Original Message ----- > > From: "arun prasadh" > > To: "[ISAserver.org Discussion List]" > > Sent: Tuesday, June 25, 2002 10:55 PM > > Subject: [isalist] Re: Allowing ICMP packets through ISA server > > > > > > http://www.ISAserver.org > > > > > > > > Thanks Jim, > > > > It doesnt work even after i created these two filters, however when i stop > > the firewall service it allows me to ping . > > > > kindly assist > > > > thanks > > Arun > > ----- Original Message ----- > > From: "Jim Harrison" > > Date: Tue, 25 Jun 2002 22:32:01 -0700 > > To: "[ISAserver.org Discussion List]" > > Subject: [isalist] Re: Allowing ICMP packets through ISA server > > > > > > > http://www.ISAserver.org > > > > > > > > > Ahh, I must have read it inside out... > > > You'll need to create two packet filters: > > > 1. > > > Name: "DMZ Ping In" > > > Filter Type: ICMP ping query > > > Local Computer: "These computers (on the perimeter network)" > > > (enter your DMZ subnet here) > > > Remote Computer: > > > 2. > > > Name: "DMZ Ping Out" > > > Filter Type: ICMP all outbound > > > Local Computer: "These computers (on the perimeter network)" > > > (enter your DMZ subnet here) > > > Remote Computer: > > > > > > Jim Harrison > > > MCP(NT4, W2K), A+, Network+, PCG > > > http://isaserver.org/authors/harrison/ > > > Read the books! > > > ----- Original Message ----- > > > From: "arun prasadh" > > > To: "[ISAserver.org Discussion List]" > > > Sent: Tuesday, June 25, 2002 10:14 PM > > > Subject: [isalist] Re: Allowing ICMP packets through ISA server > > > > > > > > > http://www.ISAserver.org > > > > > > > > > Thanks Jim, > > > > > > I am not using LAT , i am using Public address in the DMZ. To start with > i > > > want to check whether my Hosts in the DMZ are alive by using Ping and > > Trace > > > Route command. > > > > > > I am setting up FW for the first time , kindly assist. > > > > > > Thanks. > > > Arun > > > > > > ----- Original Message ----- > > > From: "Jim Harrison" > > > Date: Tue, 25 Jun 2002 22:08:19 -0700 > > > To: "[ISAserver.org Discussion List]" > > > Subject: [isalist] Re: Allowing ICMP packets through ISA server > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > ISA doesn't allow ICMP to pass inbound to the LAT. > > > > You can't create a rule for it, either. > > > > > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/authors/harrison/ > > > > Read the books! > > > > ----- Original Message ----- > > > > From: "arun prasadh" > > > > To: "[ISAserver.org Discussion List]" > > > > Sent: Tuesday, June 25, 2002 9:27 PM > > > > Subject: [isalist] Allowing ICMP packets through ISA server > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > How to allow ICMP request from external INTERNET to the internal local > > > > network through the ISA firewall. what rule should i create to allow > the > > > > request and for response. > > > > > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion List as: > > > > jim@xxxxxxxxxxxx > > > > To unsubscribe send a blank email to > $subst('Email.Unsub') > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion List as: > > > arun_arun@xxxxxxxxx > > > > To unsubscribe send a blank email to > $subst('Email.Unsub') > > > > > > > > > > -- > > > __________________________________________________________ > > > > > > Sign-up for your own FREE Personalized E-mail at Mail.com > > > > > > http://www.mail.com/?sr=signup > > > > > > > > > > > > Save up to $160 by signing up for NetZero Platinum Internet service. > > > > > > http://www.netzero.net/?refcd=N2P0602NEP8 > > > > > > > > > > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List as: > > > jim@xxxxxxxxxxxx > > > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > > > > > > > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List as: > > arun_arun@xxxxxxxxx > > > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > > > > -- > > __________________________________________________________ > > > > Sign-up for your own FREE Personalized E-mail at Mail.com > > > > http://www.mail.com/?sr=signup > > > > > > > > Save up to $160 by signing up for NetZero Platinum Internet service. > > > > http://www.netzero.net/?refcd=N2P0602NEP8 > > > > > > > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > > > > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > arun_arun@xxxxxxxxx > > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > -- > _______________________________________________ > Sign-up for your own FREE Personalized E-mail at Mail.com > Save up to $160 by signing up for NetZero Platinum Internet service. > ------------------------------------------------------ You are currently > subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To > unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: arun_arun@xxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > -- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Save up to $160 by signing up for NetZero Platinum Internet service. http://www.netzero.net/?refcd=N2P0602NEP8 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')