How to provide access to an internal Message Queuing server by using ISA Server 2004 (838259)



The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition

For a Microsoft Internet Security and Acceleration Server 2000 version of this article, see 319454.

INTRODUCTION

This article describes how to configure access to a Microsoft Message Queuing (also known as MSMQ) server computer by using Microsoft Internet Security and Acceleration (ISA) Server 2004.

MORE INFORMATION

To enable external access to a Microsoft Message Queuing server by using ISA Server 2004, follow these steps:
  1. On the Message Queuing server computer, create a queue under the private queues.
  2. Set the default gateway on the Message Queuing server computer to an internal IP address of the ISA Server computer.
  3. Create the following protocol definitions in ISA Server:
    Name      Port number  Protocol type  Direction
    MSMQ1801  1801         TCP            inbound
    MSMQ2101  2101         TCP            inbound
    MSMQ2103  2103         TCP            inbound
    MSMQ2105  2105         TCP            inbound
    To do this, follow these steps:
    1. Start the ISA Server Management tool.
    2. Expand ServerName, where ServerName is the name of your ISA Server computer.
    3. Click Firewall Policy, click the Toolbox tab, click Protocols, click New, and then click Protocol.
    4. In the Protocol definition name box, type MSMQ 1801.
    5. Click Next, click New, leave the TCP option in the Protocol type list, click Inbound in the Direction list, type 1801 in the From box, type 1801 in the To box, and then click OK.
    6. Click Next two times, and then click Finish.
    7. Repeat steps 3 through 6 to create the remaining protocol definitions from this table.
    8. Click Apply to update the firewall policy, and then click OK.
  4. Create a new access rule to allow the following protocol definitions:

    Any RPC
    MSMQ1801
    MSMQ2101
    MSMQ2103
    MSMQ2105

    To do this, follow these steps:
    1. In the ISA Server Management tool, click Firewall Policy, click the Tasks tab, and then click Create New Access Rule.
    2. In the Access rule name box, type Access MSMQ, and then click Next.
    3. Click Allow, click Next, and then click Selected protocols in the This rule applies to list.
    4. Click Add, expand User-Defined, and then add the following protocol definitions:

      MSMQ1801
      MSMQ2101
      MSMQ2103
      MSMQ2105

    5. Expand All Protocols, click RPC (all interfaces), click Add, click Close, and then click Next.
    6. On the Access Rule Sources page, click Add, expand Networks, click External, click Add, click Close, and then click Next.
    7. On the Access Rule Destinations page, click Add, click New, and then click Computer.
    8. In the Name box, type a descriptive name for your Message Queuing computer, type the IP address of the Message Queuing computer in the Computer IP Address box, and then click OK.
    9. Under Computers, click the new computer definition that you created, click Add, click Close, and then click Next.
    10. Leave the All Users user set in the This rule applies to requests from the following user sets box, and then click Next.
    11. Review the access rule configuration, and then click Finish.
  5. Click Apply to update the firewall policy, and then click OK.
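
After the policy is applied, the result can be checked from a test computer on the External network. The following Python script is an added example, not part of the original article or of ISA Server: it confirms that the four MSMQ ports and the RPC endpoint mapper answer, and that ports outside the rule do not. The host address, the use of TCP 135 for the RPC check, and the "must not answer" ports are assumptions chosen for illustration.

```python
import socket

# TCP ports from the protocol definitions created in step 3 of this article.
MSMQ_PORTS = {1801: "MSMQ1801", 2101: "MSMQ2101",
              2103: "MSMQ2103", 2105: "MSMQ2105"}
# Assumption: "RPC (all interfaces)" is checked via the RPC endpoint mapper, TCP 135.
RPC_PORTS = {135: "RPC endpoint mapper"}


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no usable answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable network, silently dropped
        return "filtered"


def check_publication(host, expected_open, must_not_answer=(), timeout=2.0):
    """Compare observed TCP state with the intended policy.

    Returns (port, label, state, ok) tuples: ports the access rule allows are
    ok only when open; every other listed port is ok only when not open.
    """
    results = []
    for port, label in sorted(expected_open.items()):
        state = probe(host, port, timeout)
        results.append((port, label, state, state == "open"))
    for port in sorted(must_not_answer):
        state = probe(host, port, timeout)
        results.append((port, "not in rule", state, state != "open"))
    return results


def failures(results):
    """Rows that contradict the intended policy."""
    return [row for row in results if not row[3]]


if __name__ == "__main__":
    # Constructed values: 192.0.2.10 is a documentation address; 445 and 3389
    # are illustrative ports that the Access MSMQ rule does not allow.
    rows = check_publication("192.0.2.10", {**MSMQ_PORTS, **RPC_PORTS}, (445, 3389))
    for port, label, state, ok in rows:
        print(f"{port:>5}  {label:<20} {state:<9} {'OK' if ok else 'REVIEW'}")
```

Replace the placeholder address with the address at which external clients reach your Message Queuing server; any row marked REVIEW means the observed state does not match the rule as configured.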

Modification Type: Major
Last Reviewed: 7/16/2004
Keywords:kbFirewall kbinfo KB838259 kbAudITPRO