  1. #1

    creating isa rules for Intouch

    Can anyone let me know what protocol Sims InTouch runs over, as I need to make some ISA rules for our upcoming install and the instructions say just to open UDP port 1194 both directions?

    Cheers

    Andy

  2. #2

    vikpaw
    That's all I gathered from this thread: Sims InTouch port requirements, but there's a lot of chaff there.

  3. #3
    box_l
    I was the originator of that other thread, and did not like the way InTouch worked.

    However, I did have it working and ended up creating a script for ISA 2000 so that if we had to do any other schools we could easily replicate the settings.

    Code:
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    '   This program is Copyright (c) 2001 Microsoft Corporation.
    
    '   All rights reserved.
    
    '   THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
    '   ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
    '   THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
    '   PARTICULAR PURPOSE.
    
    '   IN NO EVENT SHALL MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS BE
    '   LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
    '   DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
    '   WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
    '   ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
    '   OF THIS CODE OR INFORMATION.
    '
    ' This script only functions with Standalone ISA Servers
    '
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    
    ' This script imports policy elements, access policies, publishing and routing rules for Sims InTouch to the target array.
    
    Const ERROR_ALREADY_EXISTS = 183
    Sub CheckError()
        On Error Resume Next
        If (Err.Number <> 0) And (Err.Number <> ERROR_ALREADY_EXISTS) Then
            MsgBox "An error has occurred:"& vbCrLf & Err.Description & Err.Number
            WScript.Quit Err.Number
        End If
    End Sub
    
    On Error Resume Next
    Set ISA = CreateObject("FPC.Root")
    ISA.Refresh
    Set ISAArray = ISA.Arrays.GetContainingArray
    Set Elements = ISAArray.PolicyElements
    Set APolicy = ISAArray.ArrayPolicy
    Set Publishing = ISAArray.Publishing
    Set RoutingRules = ISAArray.NetworkConfiguration.RoutingRules
    
    '-------------------------------------------------------
    Set ProtocolRules = APolicy.ProtocolRules
    
    Set NewRule = ProtocolRules.Add ("** Allow Sims In-Touch in**")
    CheckError
    NewRule.Description = ""
    NewRule.Enabled = True
    NewRule.Action = 0
    NewRule.SetSchedule (" ")
    NewRule.ProtocolSelectionMethod = 1
    NewRule.SpecifiedProtocols.Add "** Sims_In-Touch_VPN**", "", 0
    NewRule.AppliesToMethod = 0
    
    ProtocolRules.Save
    CheckError
    '-------------------------------------------------------
    Set Protocols = Elements.Protocoldefinitions
    Set NewDefinition = Protocols.AddUDP ("** Sims_In-Touch_VPN**",3,1194)
    CheckError
    NewDefinition.Description = ""
    'NewDefinition.SecondaryConnections.AddUDP 2,1194,1194
    
    Protocols.Save
    CheckError
    
    '-------------------------------------------------------
    Set PacketFilters = APolicy.IpPacketFilters
    
    Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch VPN **", 1)
    CheckError
    NewPFilter.Description = ""
    NewPFilter.Enabled = True
    NewPFilter.FilterType = 1
    NewPFilter.AllServers = True
    NewPFilter.ServerName = ""
    NewPFilter.ICMPCodeNumber = 0
    NewPFilter.ICMPCodeOption = 1
    NewPFilter.ICMPTypeNumber = 0
    NewPFilter.ICMPTypeOption = 1
    NewPFilter.LocalPortNumber = 1194
    NewPFilter.LocalPortType = 1
    NewPFilter.LogMatchingPackets = False
    NewPFilter.PacketDirection = 3
    NewPFilter.ProtocolNumber = 17
    NewPFilter.RemotePortNumber = 1194
    NewPFilter.RemotePortType = 2
    NewPFilter.UDPPacketDirection = 5
    NewPFilter.SetLocalHost 1, "", "255.255.255.255"
    NewPFilter.SetRemoteHost 2, "213.129.90.253", "255.255.255.255" '--- Remote host is Capita server, you may need to change this if their address has changed!
    
    Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch DHCP Client **", 1)
    CheckError
    NewPFilter.Description = ""
    NewPFilter.Enabled = True
    NewPFilter.FilterType = 1
    NewPFilter.AllServers = True
    NewPFilter.ServerName = ""
    NewPFilter.ICMPCodeNumber = 0
    NewPFilter.ICMPCodeOption = 1
    NewPFilter.ICMPTypeNumber = 0
    NewPFilter.ICMPTypeOption = 1
    NewPFilter.LocalPortNumber = 68
    NewPFilter.LocalPortType = 1
    NewPFilter.LogMatchingPackets = False
    NewPFilter.PacketDirection = 3
    NewPFilter.ProtocolNumber = 17
    NewPFilter.RemotePortNumber = 67
    NewPFilter.RemotePortType = 2
    NewPFilter.UDPPacketDirection = 5
    NewPFilter.SetLocalHost 1, "", ""
    NewPFilter.SetRemoteHost 2, "213.129.90.253", "255.255.255.255" '--- Remote host is Capita server, you may need to change this if their address has changed!
    
    Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch HTTP out port 1110 **", 1)
    CheckError
    NewPFilter.Description = ""
    NewPFilter.Enabled = True
    NewPFilter.FilterType = 1
    NewPFilter.AllServers = True
    NewPFilter.ServerName = ""
    NewPFilter.ICMPCodeNumber = 0
    NewPFilter.ICMPCodeOption = 1
    NewPFilter.ICMPTypeNumber = 0
    NewPFilter.ICMPTypeOption = 1
    NewPFilter.LocalPortNumber = 0
    NewPFilter.LocalPortType = 1
    NewPFilter.LogMatchingPackets = False
    NewPFilter.PacketDirection = 3
    NewPFilter.ProtocolNumber = 6
    NewPFilter.RemotePortNumber = 1110
    NewPFilter.RemotePortType = 2
    NewPFilter.UDPPacketDirection = 3
    NewPFilter.SetLocalHost 1, "", "255.255.255.255"
    NewPFilter.SetRemoteHost 1, "", ""
    
    PacketFilters.Save
    CheckError
    '-------------------------------------------------------
    
    MsgBox "ImportISASettings finished successfully. You should restart your ISA services."

    You may need to make some changes, or just plain use the info for your version of ISA.

    I was in contact with Capita a lot trying to get this to work. To start with they only specified that it was port 1194 that needed to be open, but there is so much more!
    They seemed quite surprised that a firewall would be so .. well.. secure.

    The school also had a single server solution, and as such, had IIS on the ISA server and was also running the intranet from there.
    The Capita InTouch services ran from IIS and they were bound to the VPN adapter whose address was assigned by DHCP from Capita's servers.
    On a server reboot this would cause an issue, as the VPN would sometimes fail to get an IP, which in turn would prevent IIS from starting, so preventing the intranet from being available.
    In this school the intranet is the home page and everyone would then complain that the "internet" was not working.

    After 3 months of this the school gave up on InTouch.

    I sincerely hope you do not have a similar setup.

    Have fun,

    BoX
    Last edited by box_l; 22nd November 2011 at 11:38 AM.
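
Added example, not part of box_l's post or Capita's instructions: a Python reading of the packet-filter section of the script above, listing what each filter opens and noting filters whose remote host is left empty or whose logging is switched off. Treating an empty `SetRemoteHost` string as "no specific remote host" is an assumption; the thread does not document the ISA enum values.

```python
import re

# Excerpt of the posted script, trimmed to the lines this review reads.
SCRIPT = '''
Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch VPN **", 1)
NewPFilter.LogMatchingPackets = False
NewPFilter.ProtocolNumber = 17
NewPFilter.RemotePortNumber = 1194
NewPFilter.SetRemoteHost 2, "213.129.90.253", "255.255.255.255"
Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch DHCP Client **", 1)
NewPFilter.LogMatchingPackets = False
NewPFilter.ProtocolNumber = 17
NewPFilter.RemotePortNumber = 67
NewPFilter.SetRemoteHost 2, "213.129.90.253", "255.255.255.255"
Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch HTTP out port 1110 **", 1)
NewPFilter.LogMatchingPackets = False
NewPFilter.ProtocolNumber = 6
NewPFilter.RemotePortNumber = 1110
NewPFilter.SetRemoteHost 1, "", ""
'''

# Anchored at line start, so lines commented out with ' are ignored.
ADD = re.compile(r'\s*Set NewPFilter = PacketFilters\.Add\s*\("([^"]*)"')
PROP = re.compile(r'\s*NewPFilter\.(\w+)\s*=\s*(\w+)')
HOST = re.compile(r'\s*NewPFilter\.SetRemoteHost\s+\d+\s*,\s*"([^"]*)"')
PROTO = {"6": "TCP", "17": "UDP"}  # IANA IP protocol numbers

def parse_filters(script):
    """Collect one dict per PacketFilters.Add call plus the settings after it."""
    filters = []
    for line in script.splitlines():
        if (m := ADD.match(line)):
            filters.append({"name": m.group(1).strip("* ")})
        elif filters and (m := HOST.match(line)):
            filters[-1]["remote_host"] = m.group(1)
        elif filters and (m := PROP.match(line)):
            filters[-1][m.group(1)] = m.group(2)
    return filters

def review(filters):
    """Summarise each filter and note settings a change review would question."""
    out = []
    for f in filters:
        proto = PROTO.get(f.get("ProtocolNumber"), "other")
        notes = [text for bad, text in (
            (not f.get("remote_host"), "remote host not pinned"),
            (f.get("LogMatchingPackets") == "False", "matching packets not logged"),
        ) if bad]
        out.append((f["name"], proto, f.get("RemotePortNumber"), notes))
    return out
```

Run `review(parse_filters(SCRIPT))` against the full script before importing it, so the rule set that goes to change control matches what the script will actually create rather than the single port in the vendor instructions.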
