Hi Greg, Yes, things are a little different with ISA 2004 :) You want to create a computer object named ISP and assign the IP address of the ISP to that object Inbound protocols are used for all access policies that are defined with the Source network and Destination network statements. Those are all access policies except for those representing Server Publishing and Web Publishing Rules. HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxxx] Sent: Monday, February 16, 2004 7:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template http://www.ISAserver.org Thanks ill try that today, ive still got machine lined up on my bench to rebuild, so when i have finished them ill play with 2004 again. It just responds to the inbound connection. So are you saying create a network host "isp" and allow outbound from that to "local host" based on tcp port 5050. That seems a bit ass about, i would have thought i would have done it the other way around, ie, allow inbound to local host from tcp 5050 "isp", but there seems to be no inbound available anymore. Thanks ill give it ago anyway Greg Mulholland http://www.isaserver.org <http://www.isaserver.org/> http://isatools.org <http://isatools.org/> http://groups.google.com <http://groups.google.com/> _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 17, 2004 12:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template http://www.ISAserver.org Hi Greg, You should be able to configure a Protocol Definition for TCP 5050 Outbound. Then create a rule that allows Source network External access to that protocol to Destination Network Local Host. Does you machine run an application that generates a new outbound, secondary connection, or does it just respond to the Inbound connection? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp <http://www.microsoft.com/isaserver/beta/default.asp> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxxx] Sent: Monday, February 16, 2004 6:14 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template http://www.ISAserver.org _____ From: Greg Mulholland Sent: Tuesday, 17 February 2004 11:11 AM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template Yeah its a tcp connection on port 5050 then my host replies to them as well, so i really need to allow inbound 5050 from them and outbound from me. The second part is not a problem. Greg Mulholland http://www.isaserver.org <http://www.isaserver.org/> http://isatools.org <http://isatools.org/> http://groups.google.com <http://groups.google.com/> _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 17, 2004 10:55 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template http://www.ISAserver.org Hi Greg, What protocol do they need access inbound? You can rule that allows that computer "outbound" access from itself to the Local Host network. You will need to create a protocol definition first if its not one of the predefined protocols. HTH, Tom _____ From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxxx] Sent: Monday, February 16, 2004 5:51 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template http://www.ISAserver.org not really, im still trying to get my head around letting a certain isp computer have access to the firewall on a "non defined" inbound port. Greg Mulholland http://www.isaserver.org <http://www.isaserver.org/> http://isatools.org <http://isatools.org/> http://groups.google.com <http://groups.google.com/> _____ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, February 17, 2004 10:40 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template http://www.ISAserver.org Hi Greg, You can't add anything to the system policy, but you can remove stuff. Actually, I guess you can add stuff, in that when you perform certain actions, like enabling the VPN clients network, the disabled VPN system policy rule becomes enabled. Do you want to place some rules that have a higher priority than the system policy rules? Thanks! Tom belists.com ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')