Re: Help! Forwarding outbound packets to an IP address

• From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 9 Mar 2004 20:02:57 +1100

Ahahahahahahaaha rofl

Post of the week award Jimbo. Good to see whose administering bank
firewalls these days :) 


Greg Mulholland
http://www.isaserver.org
http://www.isaserver.mine.nu
http://groups.google.com 


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, March 09, 2004 8:28 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Help! Forwarding outbound packets to an IP
address

http://www.ISAserver.org

First, your bank's advisors are finalists for this year's 1d10t award;
their recommendations are completely inappropriate.
First, is this connection using TCP or UDP?  There's no point in
"opening a port" <ducks head> in a protocol that's not being used...

If I were to guess, you'd want to:
1. install the FW client on your internal hosts.  If you can't (or
won't) do this, stop reading now.
2. Create a custom protocol as:
    Name = "the dumbest bank IT staff in the world"
    Protocol Type = TCP
    Port = 2910
    Direction = Outbound
3. Create a Protocol Rule that allows this protocol for what ever
internal clients need it.


 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message -----
From: "Kurt" <ty@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, March 05, 2004 09:13
Subject: [isalist] Help! Forwarding outbound packets to an IP address


http://www.ISAserver.org

Hi,

I have a client who is using ISA Server and has just installed a banking
software program (TDAccess). This is a standalone app that does not have
any proxy settings built into the program. Therefore they make you go
through a ridiculous series of steps so that you can make it work
through
a firewall and/or proxy.

Essentially there is an .ini file for TDAccess which contains the name
of
the bank server (e.g. www.tdaccesspc.tdbank.ca). When the program is
opened it resolves this address, then attempts to connect to the IP on
port 2910.

On my network there is no default gateway (everyone accesses via proxy).
The bank program can resolve the IP (via my DNS server on the ISA
server)
but of course cannot connect to the IP, as it can't directly connect
outside of my IP block.

So the bank's solution is to change the .ini file to the IP address of
your proxy server, then configure the proxy server to pass any data
coming
from the internal network on port 2910 to www.tdaccesspc.tdbank.ca. The
bank program will contact the ISA server which will (theoretically)
transparently pass these packets up to the bank server.

Problem is - ISA server doesn't want to play ball. I've set up IP packet
filters, and these allow me to use the software - but only from the ISA
server, which has the direct Internet connection. Anywhere inside the
network just doesn't work.

I've searched and searched but I can't find any other way to get ISA to
forward requests like the software wants - for inbound connections yes
(i.e. server rules), but not for outbound.

Any suggestions? This is killing me!




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmulholland@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » Help! Forwarding outbound packets to an IP address
• » RE: Help! Forwarding outbound packets to an IP address
• » RE: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address
• » Re: Help! Forwarding outbound packets to an IP address

1. Home
2. isalist
3. Archive
4. 03-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---