Retrospect 5.x for Windows with Microsoft ISA Server HOWTO


Howdy,

I don't know how many users of Retrospect are also using Microsoft ISA Server - but I am, and I know a post like this would have saved me several hours.

Basically, this is a HOWTO for getting Retrospect Server to connect to and back up clients, with the backup server running ISA Server and the client either on a public IP or behind a quasi-firewall (DSL/cable router *coughlinksyscough* with UDP/TCP ports 487 forwarded), and with both the backup server and remote client running ISA Server. The scenario with both computers running ISA Server is forthcoming - ISP problems on the remote client prevent me from actually testing the ISA Server at that end - but I know that it works when connecting to a quasi-firewalled computer. I'll post the rest of the HOWTO when I've verified the config.

Okay - first, you'll need a Windows 2000 Server/AS with ISA Server and Retrospect installed. This HOWTO covers Retrospect 5.15, but since (AFAIK) all the newer versions of Retrospect use UDP/TCP 497, it should cover them as well.

Configuring ISA Server correctly (except for the filters needed for Retrospect) is beyond the scope of this article - you're on your own there.

Once you have ISA Server set up and locked down (no 'allow all' filters), you should be unable to make connections to Retrospect clients that previously worked. This is because ISA Server only allows connections out (by default) on ports 80, 21, 22, 53, etc.

***For connecting to Remote Client Behind Quasi-Firewall***

You'll need to create a packet filter for TCP in ISA Server. Call it whatever you want - doesn't matter. I called mine Retrospect TCP. IP Protocol is TCP (obviously). Direction is Both, Local Port is All Ports (not sure why All Ports is necessary - but it doesn't work if you specify 497. But that's okay, because remote port remains fixed). Remote Port is fixed, at 497. Tell it to bind to the external interface, and apply this filter to either All Remote Computers, or add specifically the only ones you want to work for this.

Create another packet filter for UDP. I called mine Retrospect UDP. Direction is Receive Send, Local port is fixed at 497. Remote port is Fixed at 497. Tell it to bind to the external interface, and apply this filter to either All Remote Computers, or add specifically the only ones you want to work for this.

Finally, make _sure_ that TCP/UDP port 497 is forwarded on the quasi-firewall to the computer behind it (this goes for you WinXP Firewallers, too).

This setup works for a quasi-firewalled computer - I am doing a backup this way right now. And I've allowed only those ports I've authorised through the ISA Server.

I'll post the final part of this HOWTO once the remote client's ISP gets their act together.

Geek out.

Welcome to Microsoft Linux.

Please enter your login information, or press ESC to login as root.

Login:_


  • 2 weeks later...

Here's the second part of my HOWTO for Retrospect & ISA Server.

I've covered everything you need to set up on the backup server - this part is for a Retrospect client that is also behind a firewall. This only covers the Retrospect client running on the ISA Server itself - it's trivial to set up port forwarding to a Retrospect client behind the ISA Server, but I won't cover that here.

Make sure, once again, that you do not have an 'allow all' packet filter enabled on the client ISA Server. To allow Retrospect traffic through, create a packet filter (I called mine Retrospect TCP). Protocol is TCP, Direction is Both. Local Port is fixed at 497, Remote Port is All ports. Create another packet filter (I called mine Retrospect UDP). Protocol is UDP, Direction is Both, Local Port is 497, and Remote port is All ports.

This setup has been working for about two weeks or something with no problems, and peace of mind. I apologize for the delay in getting the second half of this writeup out.

Geek out.

Welcome to Microsoft Linux.

Please enter your login information, or press ESC to login as root.

Login:_

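Added example, not part of the original posts: a small default-deny model of the four packet filters described in the two posts above, showing which Retrospect packets each side admits and why pinning the server's local TCP port to 497 blocks the connection. It assumes the backup server's outbound TCP connection uses an OS-chosen ephemeral source port (3051 here is constructed); the field names are hypothetical and this is not ISA Server's own rule engine.

```python
# Added example: default-deny model of the packet filters described in the posts.
# Only the Retrospect filters are modelled. Direction is omitted because every
# filter in the posts is bidirectional. Sample ports are constructed.
from dataclasses import dataclass
from typing import Optional

ANY = None  # "All Ports" in the packet filter settings


@dataclass(frozen=True)
class Filter:
    name: str
    proto: str
    local_port: Optional[int]
    remote_port: Optional[int]

    def matches(self, proto, local_port, remote_port):
        return (proto == self.proto
                and self.local_port in (ANY, local_port)
                and self.remote_port in (ANY, remote_port))


# Filters on the backup server's external interface (first post)
SERVER = [Filter("Retrospect TCP", "tcp", ANY, 497),
          Filter("Retrospect UDP", "udp", 497, 497)]
# Filters on the client-side ISA Server (second post)
CLIENT = [Filter("Retrospect TCP", "tcp", 497, ANY),
          Filter("Retrospect UDP", "udp", 497, ANY)]
# Variant the first post reports as not working: local TCP port pinned to 497
SERVER_PINNED = [Filter("Retrospect TCP", "tcp", 497, 497), SERVER[1]]

EPHEMERAL = 3051  # constructed: source port the OS picks for an outbound connect


def allowed(filters, proto, local_port, remote_port):
    """Return the name of the first matching filter, or None (default deny)."""
    for f in filters:
        if f.matches(proto, local_port, remote_port):
            return f.name
    return None


if __name__ == "__main__":
    for label, rules in (("server", SERVER), ("server, local pinned", SERVER_PINNED)):
        print(label, "tcp", EPHEMERAL, "-> 497:", allowed(rules, "tcp", EPHEMERAL, 497))
    print("client tcp 497 <-", EPHEMERAL, ":", allowed(CLIENT, "tcp", 497, EPHEMERAL))
    print("server tcp", EPHEMERAL, "-> 8080:", allowed(SERVER, "tcp", EPHEMERAL, 8080))
```

Because the server-side TCP filter leaves the local port open, applying it only to the specific remote computers, as the first post offers, keeps the rule as narrow as it can be.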
