Can anyone let me know what protocol SIMS InTouch runs over, as I need to make some ISA rules for our upcoming install and the instructions say just to open UDP port 1194 both directions
Cheers
Andy
That's all I gathered from this thread: http://www.edugeek.net/forums/mis-systems/61463-sims-intouch-port-requirements.html
but there's a lot of chaff there.
I was the originator of that other thread, and did not like the way InTouch worked.
However, I did have it working and ended up creating a script for ISA 2000 so that if we had to do any other schools we could easily replicate the settings.
You may need to make some changes, or just plain use the info for your version of ISA.
Code:
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This program is Copyright (c) 2001 Microsoft Corporation.
' All rights reserved.
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
' PARTICULAR PURPOSE.
' IN NO EVENT SHALL MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS BE
' LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
' DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
' WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
' ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
' OF THIS CODE OR INFORMATION.
'
' This script only functions with Standalone ISA Servers
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This script imports policy elements, access policies, publishing and routing rules for Sims InTouch to the target array.
Const ERROR_ALREADY_EXISTS = 183
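Sub CheckError()
    ' Note: On Error Resume Next resets the Err object, so as written this
    ' check never sees an error raised by the caller before CheckError runs.
    On Error Resume Next
    If (Err.Number <> 0) And (Err.Number <> ERROR_ALREADY_EXISTS) Then
        MsgBox "An error has occurred:" & vbCrLf & Err.Description & " " & Err.Number
        WScript.Quit Err.Number
    End If
End Sub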
On Error Resume Next
Set ISA = CreateObject("FPC.Root")
ISA.Refresh
Set ISAArray = ISA.Arrays.GetContainingArray
Set Elements = ISAArray.PolicyElements
Set APolicy = ISAArray.ArrayPolicy
Set Publishing = ISAArray.Publishing
Set RoutingRules = ISAArray.NetworkConfiguration.RoutingRules
'-------------------------------------------------------
Set ProtocolRules = APolicy.ProtocolRules
Set NewRule = ProtocolRules.Add ("** Allow Sims In-Touch in**")
CheckError
NewRule.Description = ""
NewRule.Enabled = True
NewRule.Action = 0
NewRule.SetSchedule (" ")
NewRule.ProtocolSelectionMethod = 1
NewRule.SpecifiedProtocols.Add "** Sims_In-Touch_VPN**", "", 0
NewRule.AppliesToMethod = 0
ProtocolRules.Save
CheckError
'-------------------------------------------------------
Set Protocols = Elements.Protocoldefinitions
Set NewDefinition = Protocols.AddUDP ("** Sims_In-Touch_VPN**",3,1194)
CheckError
NewDefinition.Description = ""
'NewDefinition.SecondaryConnections.AddUDP 2,1194,1194
Protocols.Save
CheckError
'-------------------------------------------------------
Set PacketFilters = APolicy.IpPacketFilters
Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch VPN **", 1)
CheckError
NewPFilter.Description = ""
NewPFilter.Enabled = True
NewPFilter.FilterType = 1
NewPFilter.AllServers = True
NewPFilter.ServerName = ""
NewPFilter.ICMPCodeNumber = 0
NewPFilter.ICMPCodeOption = 1
NewPFilter.ICMPTypeNumber = 0
NewPFilter.ICMPTypeOption = 1
NewPFilter.LocalPortNumber = 1194
NewPFilter.LocalPortType = 1
NewPFilter.LogMatchingPackets = False
NewPFilter.PacketDirection = 3
NewPFilter.ProtocolNumber = 17
NewPFilter.RemotePortNumber = 1194
NewPFilter.RemotePortType = 2
NewPFilter.UDPPacketDirection = 5
NewPFilter.SetLocalHost 1, "", "255.255.255.255"
NewPFilter.SetRemoteHost 2, "213.129.90.253", "255.255.255.255" '--- Remote host is Capita server, you may need to change this if their address has changed!
Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch DHCP Client **", 1)
CheckError
NewPFilter.Description = ""
NewPFilter.Enabled = True
NewPFilter.FilterType = 1
NewPFilter.AllServers = True
NewPFilter.ServerName = ""
NewPFilter.ICMPCodeNumber = 0
NewPFilter.ICMPCodeOption = 1
NewPFilter.ICMPTypeNumber = 0
NewPFilter.ICMPTypeOption = 1
NewPFilter.LocalPortNumber = 68
NewPFilter.LocalPortType = 1
NewPFilter.LogMatchingPackets = False
NewPFilter.PacketDirection = 3
NewPFilter.ProtocolNumber = 17
NewPFilter.RemotePortNumber = 67
NewPFilter.RemotePortType = 2
NewPFilter.UDPPacketDirection = 5
NewPFilter.SetLocalHost 1, "", ""
NewPFilter.SetRemoteHost 2, "213.129.90.253", "255.255.255.255" '--- Remote host is Capita server, you may need to change this if their address has changed!
Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch HTTP out port 1110 **", 1)
CheckError
NewPFilter.Description = ""
NewPFilter.Enabled = True
NewPFilter.FilterType = 1
NewPFilter.AllServers = True
NewPFilter.ServerName = ""
NewPFilter.ICMPCodeNumber = 0
NewPFilter.ICMPCodeOption = 1
NewPFilter.ICMPTypeNumber = 0
NewPFilter.ICMPTypeOption = 1
NewPFilter.LocalPortNumber = 0
NewPFilter.LocalPortType = 1
NewPFilter.LogMatchingPackets = False
NewPFilter.PacketDirection = 3
NewPFilter.ProtocolNumber = 6
NewPFilter.RemotePortNumber = 1110
NewPFilter.RemotePortType = 2
NewPFilter.UDPPacketDirection = 3
NewPFilter.SetLocalHost 1, "", "255.255.255.255"
NewPFilter.SetRemoteHost 1, "", ""
PacketFilters.Save
CheckError
'-------------------------------------------------------
MsgBox "ImportISASettings finished successfully. You should restart your ISA services."
I was in contact with Capita a lot trying to get this to work. To start with they only specified that it was port 1194 that needed to be open, but there is so much more!
They seemed quite surprised that a firewall would be so .. well.. secure.
The school also had a single server solution, and as such, had IIS on the ISA server and was also running the intranet from there.
The Capita InTouch services ran from IIS and they were bound to the VPN adapter whose address was assigned by DHCP from Capita's servers.
On a server reboot this would cause an issue, as the VPN would sometimes fail to get an IP, which in turn would prevent IIS from starting, so preventing the intranet from being available.
In this school the intranet is the home page and everyone would then complain that the "internet" was not working.
After 3 months of this the school gave up on InTouch.
I sincerely hope you do not have a similar setup. :)
Have fun,
BoX
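An added example, not part of BoX's post and not Microsoft or Capita code: a small Python check that reads an ISA import script like the one above and lists packet filters that leave the remote host open or do not log matching packets. The function names are hypothetical, the sample is a constructed excerpt of the posted script, and reading an empty SetRemoteHost address as "any remote host" is an assumption inferred from how the script uses it.

```python
import re

# Constructed excerpt: the security-relevant lines of two filters from the script.
SAMPLE = '''
Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch VPN **", 1)
NewPFilter.LogMatchingPackets = False
NewPFilter.RemotePortNumber = 1194
NewPFilter.SetRemoteHost 2, "213.129.90.253", "255.255.255.255" '--- Capita server
Set NewPFilter = PacketFilters.Add ("** Allow Sims In-Touch HTTP out port 1110 **", 1)
NewPFilter.LogMatchingPackets = False
NewPFilter.RemotePortNumber = 1110
NewPFilter.SetRemoteHost 1, "", ""
'''

ADD = re.compile(r'PacketFilters\.Add\s*\(\s*"([^"]*)"')
PROP = re.compile(r"^NewPFilter\.(\w+)\s*=\s*([^'\s]+)")
HOST = re.compile(r'^NewPFilter\.SetRemoteHost\s+\d+\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"')

def parse_filters(script):
    """Return one dict per PacketFilters.Add block, holding its properties."""
    filters = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("'"):
            continue  # blank line or VBScript comment
        if (m := ADD.search(line)):
            filters.append({"name": m.group(1).strip("* "), "remote_host": ("", "")})
        elif filters and (m := HOST.match(line)):
            filters[-1]["remote_host"] = (m.group(1), m.group(2))
        elif filters and (m := PROP.match(line)):
            filters[-1][m.group(1)] = m.group(2)
    return filters

def audit(filters):
    """Return (filter name, finding) pairs for rules broader than they need to be."""
    findings = []
    for f in filters:
        ip, mask = f["remote_host"]
        # Assumption: an empty address in SetRemoteHost means "any remote host".
        if not ip:
            findings.append((f["name"], "remote host not pinned to an address"))
        elif mask != "255.255.255.255":
            findings.append((f["name"], f"remote host is a range: {ip} mask {mask}"))
        if f.get("LogMatchingPackets", "False").lower() != "true":
            findings.append((f["name"], "matching packets are not logged"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_filters(SAMPLE)):
        print(f"{name}: {finding}")
```

Run against the full script, the same check also covers the DHCP client filter, since it only looks at the `PacketFilters.Add`, property and `SetRemoteHost` lines.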