ok, so I ran into a weird one today. At this site they have a Cisco 1604 for internet access (ISDN). Behind the router is a Microsoft ISA server, and behind the ISA box is a Citrix server.
ok, so I have a snort box sitting on the link between the router and ISA and it has been seeing some interesting traffic, so I decided to set up some access lists on the router and lock it down nice and tight and make it a little harder on my sneaky FIN-scanning little friend.
I got on my router and to my surprise I found it had the firewall version of the IOS installed, so I figured, WTH, why not. I got it all locked down and only left open the following:
outgoing tcp:
80, 443(https), 1494(citrix), 25
outgoing udp:
rip, 53, and 1604 (winframe)
incoming tcp:
25, 443(https), 1494(citrix)
incoming udp:
rip, 53, and 1604 (winframe)
So I did this and everything seemed to be working fine, except when I tried Citrix from the outside. Citrix would not connect; the ICA client kept saying there is no server on the specified addy... so...
I kept easing back on the restrictions until everything was wide open... still no Citrix, so, since Citrix worked from the LAN, I turned to the ISA server. I restarted the ISA services, and POOF, Citrix worked again.
Well, I went through again and tightened up the routers, and when I make an access list for 1494 it somehow pisses off the ISA server and it has to be restarted (and the access list must be removed...).
so, I would like to know if anyone has absolutely ANY idea as to why that god damn Microsoft POS firewall does this, I would appreciate the input.
Also, removing the ISA server is not an option.
TIA
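One way to write the port policy listed in the post as Cisco IOS extended access lists, added here as an example and not the poster's actual router configuration. Everything below is assumed: the ISDN interface is BRI0, 203.0.113.10 stands in for the ISA server's outside address (the only source the router sees from inside), RIP is UDP 520, and the reverse-direction lines use the stateless `established` keyword.

```cisco
! Added example, not the configuration from the post.
! Assumptions: BRI0 faces the ISDN provider and 203.0.113.10 is the
! ISA server's external address (placeholder, documentation range).
!
! Traffic leaving toward the Internet
ip access-list extended OUT-TO-INTERNET
 ! sessions opened from the inside (the "outgoing" list in the post)
 permit tcp host 203.0.113.10 any eq 80
 permit tcp host 203.0.113.10 any eq 443
 permit tcp host 203.0.113.10 any eq 1494
 permit tcp host 203.0.113.10 any eq 25
 permit udp host 203.0.113.10 any eq 53
 permit udp host 203.0.113.10 any eq 1604
 ! RIP between the router and the provider
 permit udp any any eq 520
 ! replies to sessions that outsiders opened to the published services;
 ! a stateless ACL sees only one direction of a flow, so the reverse
 ! direction needs its own line or the session half-works
 permit tcp host 203.0.113.10 eq 25 any established
 permit tcp host 203.0.113.10 eq 443 any established
 permit tcp host 203.0.113.10 eq 1494 any established
 permit udp host 203.0.113.10 eq 1604 any
 ! everything else is dropped and logged, which is what the snort box
 ! and "show access-lists" counters will confirm when a session fails
 deny ip any any log
!
! Traffic arriving from the Internet
ip access-list extended IN-FROM-INTERNET
 ! published services on the ISA box (the "incoming" list in the post)
 permit tcp any host 203.0.113.10 eq 25
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.10 eq 1494
 permit udp any host 203.0.113.10 eq 1604
 permit udp any any eq 520
 ! replies to sessions the inside opened: TCP answers carry ACK/RST
 ! (matched by "established"), DNS and ICA-browser answers come back
 ! from source port 53 / 1604 to an ephemeral destination port
 permit tcp any host 203.0.113.10 established
 permit udp any eq 53 host 203.0.113.10
 permit udp any eq 1604 host 203.0.113.10
 deny ip any any log
!
interface BRI0
 ip access-group IN-FROM-INTERNET in
 ip access-group OUT-TO-INTERNET out
```

After applying it, `show access-lists` shows per-line match counters and the `log` keyword on the final deny writes the dropped packet's addresses and ports to the router log, so a failing ICA session can be traced to the exact line that ate it. Since the post says the firewall feature set is installed, the static reply lines could be replaced by CBAC (`ip inspect`), which tracks sessions and opens the return path itself; that is an option, not something the post describes.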
