Ahahahahahahaaha rofl Post of the week award Jimbo. Good to see whose administering bank firewalls these days :) Greg Mulholland http://www.isaserver.org http://www.isaserver.mine.nu http://groups.google.com -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, March 09, 2004 8:28 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Help! Forwarding outbound packets to an IP address http://www.ISAserver.org First, your bank's advisors are finalists for this year's 1d10t award; their recommendations are completely inappropriate. First, is this connection using TCP or UDP? There's no point in "opening a port" <ducks head> in a protocol that's not being used... If I were to guess, you'd want to: 1. install the FW client on your internal hosts. If you can't (or won't) do this, stop reading now. 2. Create a custom protocol as: Name = "the dumbest bank IT staff in the world" Protocol Type = TCP Port = 2910 Direction = Outbound 3. Create a Protocol Rule that allows this protocol for what ever internal clients need it. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Kurt" <ty@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, March 05, 2004 09:13 Subject: [isalist] Help! Forwarding outbound packets to an IP address http://www.ISAserver.org Hi, I have a client who is using ISA Server and has just installed a banking software program (TDAccess). This is a standalone app that does not have any proxy settings built into the program. Therefore they make you go through a ridiculous series of steps so that you can make it work through a firewall and/or proxy. Essentially there is an .ini file for TDAccess which contains the name of the bank server (e.g. www.tdaccesspc.tdbank.ca). When the program is opened it resolves this address, then attempts to connect to the IP on port 2910. On my network there is no default gateway (everyone accesses via proxy). The bank program can resolve the IP (via my DNS server on the ISA server) but of course cannot connect to the IP, as it can't directly connect outside of my IP block. So the bank's solution is to change the .ini file to the IP address of your proxy server, then configure the proxy server to pass any data coming from the internal network on port 2910 to www.tdaccesspc.tdbank.ca. The bank program will contact the ISA server which will (theoretically) transparently pass these packets up to the bank server. Problem is - ISA server doesn't want to play ball. I've set up IP packet filters, and these allow me to use the software - but only from the ISA server, which has the direct Internet connection. Anywhere inside the network just doesn't work. I've searched and searched but I can't find any other way to get ISA to forward requests like the software wants - for inbound connections yes (i.e. server rules), but not for outbound. Any suggestions? This is killing me! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')