Upgrading ISA Server 2000 Policy Elements

Most ISA Server 2000 policy elements are upgraded to ISA Server 2004, as detailed in the following sections.

Client Address Sets

In ISA Server 2000, client address sets included IP addresses and IP address ranges. Client address sets were used in site and content rules and protocol rules (and not in publishing rules).

In ISA Server 2004, client address sets are replaced by computer sets. For each ISA Server 2000 rule that applies to a client address set and is upgraded, a new computer set is created on ISA Server 2004. The upgraded rule applies to the new computer set, which includes the same IP addresses as the original client address set on ISA Server 2000.

Content Groups

ISA Server 2000 content groups are upgraded directly to ISA Server 2004. If a content group with the same name exists on ISA Server 2004, it is not imported.

Destination Sets

ISA Server 2000 destination sets could include computer names, IP addresses, IP address ranges, domain names, and paths on computers. The destination sets are used in site and content rules and publishing rules.

ISA Server 2004 does not use destination sets. Instead, other network elements were introduced, which can be used flexibly with access rules and publishing rules.

The table below describes how ISA Server 2000 destination sets are mapped to various ISA Server 2004 network objects.

| ISA Server 2000 policy element | ISA Server 2004 network object |
| --- | --- |
| Destination set with wildcards | Domain name set |
| Destination set with path | URL set |
| Destination set with single IP | URL Set |
| Destination set with single IP and with path | Computer Set, URL Set |
| Destination set with IP address range | Computer Set |
| Destination set with IP address range and path | URL Set |

NOTE: If the ISA Server destination set includes more than five IP addresses, no URL set is created. In this case, a warning is included in the log file. Furthermore, if a rule applies to this destination set, the rule is not upgraded, and a message is included in the log file.

Here are some examples of how ISA Server 2000 destination sets are upgraded:

| Destination Set on ISA Server 2000 | Network Object on ISA Server 2004 |
| --- | --- |
| Destination set with mayah.microsoft.com | Domain name set with mayah.microsoft.com |
| Destination set with eitanh.microsoft.com and with path foo | Domain name set with eitanh.microsoft.com and URL set with http://eitanh.microsoft.com/foo/ |
| Destination set with IP address range 192.168.123.134 (single IP) and path foo | Computer set with range 192.168.123.134 to 192.168.123.134. URL set with http://192.168.123.134/foo/ |
| Destination set with yairh.microsoft.com and path /foo, with IP address 1.2.3.4 and path boo, and with IP address range 1.2.3.4 to 1.2.3.5 and path /home | Computer set with IP address ranges 1.2.3.4 to 1.2.3.4 and IP address ranges 1.2.3.4 to 1.2.3.5. Domain name set with yairh.microsoft.com. URL set with http://yairh.microsoft.com/foo, http://1.2.3.4/boo, http://1.2.3.4/home, and http://1.2.3.5/home |
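As an added illustration (not the Migration Tool's code and not part of the original documentation), the following Python sketch models the mapping shown in the examples above, so destination sets can be screened before migration for ones that would lose their URL set and leave rules not upgraded. The function and field names are hypothetical; it assumes the five-address limit counts the addresses in IP entries that carry a path, and it does not model trailing-slash handling in URLs.

```python
import ipaddress

MAX_URL_IPS = 5  # page: more than five IP addresses -> no URL set is created
# Constructed input mirroring the last example in the table above.
PAGE_EXAMPLE = [("yairh.microsoft.com", "/foo"), ("1.2.3.4", "boo"),
                (("1.2.3.4", "1.2.3.5"), "/home")]

def _as_range(target):
    """Return (first, last) IPv4Address for an IP or IP range, None for a name."""
    first, last = target if isinstance(target, tuple) else (target, target)
    try:
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    except ipaddress.AddressValueError:
        return None  # host name or wildcard entry
    if hi < lo:
        raise ValueError(f"range end before start: {first}-{last}")
    return lo, hi

def _url(host, path):  # normalises the leading slash only (assumption)
    return f"http://{host}/{path.lstrip('/')}"

def map_destination_set(entries):
    """entries: (target, path) pairs; target is a name, an IP string, or an
    (ip_first, ip_last) tuple; path is a string or None."""
    computers, domains, jobs, ip_count = [], [], [], 0
    for target, path in entries:
        rng = _as_range(target)
        if rng is None:
            if target not in domains:
                domains.append(target)
        else:
            pair = (str(rng[0]), str(rng[1]))
            if pair not in computers:
                computers.append(pair)
            if path:
                ip_count += int(rng[1]) - int(rng[0]) + 1
        if path:
            jobs.append((target, rng, path))
    result = {"computer_set": computers, "domain_name_set": domains,
              "url_set": [], "warnings": [], "rules_upgraded": True}
    if ip_count > MAX_URL_IPS:  # the NOTE's case: warning, rules not upgraded
        result["warnings"].append(f"{ip_count} IP addresses with a path: no URL set")
        result["rules_upgraded"] = False
        return result
    for target, rng, path in jobs:
        hosts = [target] if rng is None else [
            str(ipaddress.IPv4Address(n)) for n in range(int(rng[0]), int(rng[1]) + 1)]
        result["url_set"] += [_url(h, path) for h in hosts]
    return result
```

Any destination set for which `rules_upgraded` is false should be reviewed by hand, because the rules that referenced it will be missing from the ISA Server 2004 policy.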

Destination Sets and Rules

The table below describes the ISA Server 2004 rule settings for the destination sets originally used in rules upgraded from ISA Server 2000.

| ISA Server 2000 | ISA Server 2004 |
| --- | --- |
| All destinations | To property is set to Anywhere |
| All Internal destinations | To property is set to Internal Network. Destination network is set to Internal |
| All External destinations | To property is set to External Network. Destination network is set to External |
| Selected destination | To property is set to Computer sets, domain names, and URL sets, corresponding to the original destination set. |

Protocol definitions

ISA Server 2000 included two types of protocol definitions:

  • "Explicitly-defined" protocol definitions. Protocol elements created upon installation, by ISA Server, or created subsequently by a user.
  • "Implicitly-defined" protocol definitions, used by specific application filters or by an IP packet filter.

The migration tool creates corresponding protocol definitions in ISA Server 2004 for all explicitly-defined protocol elements. If ISA Server 2004 already has a protocol definition with the same name, the ISA Server 2000 protocol definition is not imported.

Implicitly-defined protocol definitions created by third-party application filters are not upgraded. A warning message indicates this in the migration log file. Implicitly-defined protocol definitions used with IP packet filters are upgraded.

Protocol definitions that cannot be identified by the Migration Tool are not upgraded. Any rules that apply to unidentified protocol definitions are deleted.

Schedule

ISA Server 2000 schedules upgrade directly to ISA Server 2004. Any ISA Server 2000 rule that does not have a specifically-named schedule will reference the schedules created (with the same name) in ISA Server 2004.

A new schedule may be created on ISA Server 2004 when two schedules are used by a site and content rule and a protocol rule on ISA Server 2000.

Web listeners

ISA Server 2000 included incoming listeners and outgoing listeners on a specific IP address. On ISA Server 2004, Web listeners can be assigned to an entire network or to a specific IP address.

The incoming listeners on ISA Server 2000 are upgraded to ISA Server 2004 as Web listeners on the External network.

The default outgoing listeners on ISA Server 2000 are upgraded to ISA Server 2004 as Web listeners on the Internal network. If the default listener is not being used, then no listener is upgraded. This is noted in the log file.

Note that the actual IP address of the external NIC on the original ISA Server 2000 computer is saved in the XML file with the configuration information. If ISA Server 2004 is installed on a different computer, you must correct the IP address after you import the XML file.

Naming Conventions

The table below details the naming conventions for the new rule elements.

| ISA Server 2000 Policy Element | ISA Server 2004 Rule Element |
| --- | --- |
| Destination set (creates computer set) | Computer set with Destination_Set_Name |
| Destination set (creates URL set) | URL set with Destination_Set_Name |
| Default Web listener | External default Web listener |
| Merged schedule | ScheduleName1_ScheduleName2 |
