Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

ISA 2000: Script for Bigpond Cable Heartbeat

If you’re not on the Australian Telstra Bigpond Cable network, you don’t need this.

 

Update: Since 2007 (or maybe before; I lost track), Bigpond moved away from their heartbeat, instead using cable modem authentication. So, no need for this any more. W00p! 🙂

 

This is a script I wrote a long while back that enables packet filters corresponding to the Bigpond Heartbeat ports on your ISA Server (2000).

 

It’s specifically for the scenario in which ISA is directly connected to Bigpond Cable, and has Packet Filtering enabled, and is the computer running the login client. If you have a cable router in front of ISA doing the login stuff, you don’t need to use this. It’s only for directly-connected ISAs.

 

It creates two packet filters – one for 5050 TCP outbound for the sign-in, one for UDP 5050 Receive then Send for the Heartbeat challenge/response.

 

By default, it allows inbound 5050 UDP to the ISA Server from all IP addresses, but when you know the IP address of your login server, you can modify the script – or if you’re not comfortable with scripting, just modify the packet filter it creates via the MMC directly – to only allow the heartbeat from the IP of the login-server, sm-server or dce-server (ping to find the IP address), depending on your state.

 

It also creates a new SSL tunnel port, enabling TCP port 8443 to be used by Web Proxy clients for outbound SSL.

 

Download here: BPAISA2K.zip – usual caveat applies: all care taken, but no responsibility accepted.