The Allow All IP Packet Filter Does Not Work for ISA Server Perimeter Network Hosts (313907)

RESOLUTION

To resolve this problem, configure a packet filter for TCP, UDP, and any IP protocols such as Internet Control Message Protocol (ICMP), and then apply the filter to the perimeter network hosts:

1. Start the ISA Server Microsoft Management Console (MMC), and then expand Access Policy.
2. Right-click IP Packet Filters, point to New, and then click Filter.
3. Name the filter ICMP_DMZ, and then click Next.
4. Make sure Allow Packet Transmission is selected, and then click Next.
5. Click Custom, and then click Next.
6. In the IP Protocol box, click ICMP, click Both in the Direction box, click All types in the Types box, click All codes in the Codes box, and then click Next.
7. Click This computer (on the perimeter network), type the perimeter network host IP address, and then click Next.
8. Make sure that All remote computers is selected, and then click Next.
9. Click Finish.
10. Restart the Firewall Service in ISA Server.

NOTE: To allow TCP or UDP protocols for perimeter network hosts, complete this procedure, except in step 5, click either TCP or UDP, depending on the protocol that you want to grant access to.

To apply this packet filter to a subnet in the perimeter network instead of a single host:

1. Right-click the ICMP_DMZ IP packet filter, and then click Properties.
2. Click the Local Computer tab.
3. Click These computers (on the perimeter network).
4. Type the IP subnet in the perimeter network that must have access to Public Subnet-A.
5. Click Apply, and then click OK.
6. Restart the Firewall Service in ISA Server.

NOTE: The perimeter network host cannot ping the public interface IP address of the ISA Server computer; however, the perimeter network host can ping hosts on the public subnet of the ISA Server computer.