Microsoft KB Archive/838259

= How to provide access to an internal Message Queuing server by using ISA Server 2004 =

Article ID: 838259

Article Last Modified on 7/16/2004

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition

-





For a Microsoft Internet Security and Acceleration Server 2000 version of this article, see 319454.



INTRODUCTION
This article describes how to configure access to a Microsoft Message Queuing (also known as MSMQ) server computer by using Microsoft Internet Security and Acceleration (ISA) Server 2004.



MORE INFORMATION
To enable external access to a Microsoft Message Queuing server by using ISA Server 2004, follow these steps:  On the Message Queuing server computer, create a queue under the private queues. Set the default gateway on the Message Queuing server computer to an internal IP address of the ISA Server computer. Create the following protocol definitions in ISA Server:

To do this, follow these steps:  Start the ISA Server Management tool. Expand   where  is the name of your ISA Server computer. Click Firewall Policy, click the Toolbox tab, click Protocols, click New, and then click Protocol.</li> In the Protocol definition name box, type MSMQ 1801 .</li> Click Next, click New, leave the TCP option in the Protocol type list, click Inbound in the Direction list, type 1801 in the From box, type 1801 in the To box, and then click OK.</li> Click Next two times, and then click Finish.</li> Follow steps c through f to create the remaining protocol definitions from this table.</li> Click Apply to update the firewall policy, and then click OK.</li></ol> </li> Create a new access rule to allow the following protocol definitions:

Any RPC

MSMQ1801

MSMQ2101

MSMQ2103

MSMQ2105

To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> In the ISA Server Management tool, click Firewall Policy, click the Tasks tab, and then click Create New Access Rule.</li> In the Access rule name box, type Access MSMQ, and then click Next.</li> Click Allow, click Next, and then click Selected protocols in the This rule applies to list.</li> Click Add, expand User-Defined, and then add the following protocol definitions:

MSMQ1801

MSMQ2101

MSMQ2103

MSMQ2105

</li> Expand All Protocols, click RPC (all interfaces), click Add, click Close, and then click Next.</li> On the Access Rule Sources page, click Add, expand Networks, click External, click Add, click Close, and then click Next.</li> On the Access Rule Destinations page, click Add, click New, and then click Computer.</li> In the Name box, type a descriptive name for your Message Queuing computer, type the IP address of the Message Queuing computer in the Computer IP Address box, and then click OK.</li> Under Computers, click the new computer definition that you created, click Add, click Close, and then click Next.</li> Leave the All Users user set in the This rule applies to requests from the following user sets box, and then click Next.</li> <li>Review the access rule configuration, and then click Finish.</li></ol> </li> <li>Click Apply to update the firewall policy, and then click OK.</li></ol>

Keywords: kbinfo kbfirewall KB838259

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.