Upgrading from Microsoft Internet Security and Acceleration (ISA) Server 2000 Standard Edition

Microsoft Internet Security and Acceleration (ISA) Server 2004 supports a full upgrade path for ISA Server 2000 users. Most ISA Server 2000 rules, network settings, monitoring configuration, and cache configuration will be upgraded to ISA Server 2004.

ISA Server 2004 introduces many new features and changes. These changes affect the server configuration and upgrade scenarios. This section provides information about the key items to consider as part of the upgrade process.


Upgrade process

The ISA Server 2004 Migration Tool enables a full upgrade path for ISA Server 2000 users to ISA Server 2004. Most ISA Server 2000 configuration information will be upgraded to ISA Server 2004. ISA Server 2004 introduces many new features and changes over ISA Server 2000. These changes affect the server configuration and upgrade scenarios.

Note:

There are three options for upgrading from ISA Server 2000:

In-place upgrade

You can perform an in-place upgrade by running the Migration Tool on a computer with ISA Server 2000 installed. When you perform an in-place upgrade, ISA Server 2000 is removed and ISA Server 2004 is installed with the migrated configuration.

Migrating the configuration

The migration from ISA Server 2000 to ISA Server 2004 includes the following steps:

  1. Run the ISA Server Migration Wizard on the ISA Server 2000 computer. The wizard creates an .xml file with the configuration information.
  2. Install Microsoft ISA Server 2004.
  3. Import the .xml file to the ISA Server 2004 computer. Before you import the .xml file, we recommend that you perform a full backup of the current settings on the ISA Server 2004 computer.

The actual IP address of the external network adapter on the original ISA Server 2000 computer is saved in the .xml file with the configuration information. If ISA Server 2004 is installed on a different computer, you must correct the IP address after you import the .xml file.

Upgrading Add-ins

Application filters and Web filters supplied by third party vendors for ISA Server 2000 are not compatible with ISA Server 2004. Some third party vendors have created new versions for ISA Server 2004. To upgrade to the new versions, perform the following steps:

  1. Uninstall the application filters and Web filters from the ISA Server 2000 computer.
  2. Perform the upgrade to ISA Server 2004, as described here.
  3. Install the new version of the application filter or Web filter.

What is not upgraded

The following ISA Server 2000 objects and configuration settings are not migrated to ISA Server 2004:

When you use the Migration Tool to install ISA Server 2004, the Firewall Client Share (with the Firewall Client for ISA Server 2004 software) is installed. It is recommended that you install the Firewall Client Share.


ISA Server 2000 administration and monitoring configuration upgrade

Some administration and monitoring configuration settings are migrated to ISA Server 2004, as detailed in the following sections.

System access control lists

In ISA Server 2000, you can use ISA Server Management to reconfigure a system access control list (SACL) on certain objects. In addition, the SACL for any element could be changed, using the Admin COM object model.

SACLs are not migrated to ISA Server 2004. Instead, the default SACLs are applied.

Monitoring

All ISA Server 2000 alert definitions are migrated directly to ISA Server 2004, with the following exceptions:

No log configuration settings are migrated from ISA Server 2000. ISA Server 2004 log settings are set to the post-installation default settings. After migration, ISA Server 2004 logs are stored as Microsoft Data Engine (MSDE) logs or in text format.

Report jobs, reports, and report configuration are not migrated.


ISA Server 2000 access policy configuration upgrade

Most ISA Server 2000 access policy rules are upgraded to ISA Server 2004, as detailed in the following sections.

Note that in ISA Server 2000, you can configure a rule that blocks traffic between the ISA Server computer (Local Host) and the External network. On ISA Server 2004, however, the system policy controls how the ISA Server computer (Local Host) accesses all networks. Because system policy rules are processed first, they will override any access policy rules you may specifically configure that deny access from the Local Host network to the External network.

Bandwidth rules

Bandwidth rules (and associated policy elements) are not supported in ISA Server 2004. They are not upgraded.

IP packet filters

ISA Server 2000 packet filters are not explicitly configurable in ISA Server 2004. Packet filters in ISA Server 2000 were used to:

If packet filtering is disabled on ISA Server 2000, then all traffic to the Local Host and Perimeter networks is allowed and the packet filters are ignored. When migrating the ISA Server 2000 configuration, the ISA Server 2000 packet filters are migrated as is to ISA Server 2004.

The following table lists how custom ISA Server 2000 packet filters are upgraded to ISA Server 2004 access rules.

| Property | ISA Server 2000 packet filter | ISA Server 2004 access rule |
|---|---|---|
| Name, description, servers, enabled | | Same as ISA Server 2000 values |
| ISA Server 2000 IP Protocol upgraded to ISA Server 2004: Protocol definition | TCP, UDP, ICMP, or custom IP protocol | Same protocol |
| | Any | No new protocol, and migration tool sets protocol to All outbound IP traffic |
| | Protocol number | Same protocol number |
| Local port | | Source port defined in the access rule, and destination port (or source port, depending on the protocol direction) defined in the protocol connection |
| | Local port number | Source port range (on the Protocol tab of the access rule) |
| Direction | Outbound | Outbound |
| | Inbound | Outbound (To and From fields changed accordingly) |
| | Send Receive | Send Receive |
| | Receive Send | Send Receive (To and From fields changed accordingly) |
| ISA Server 2000: Local computer (Applies To) upgraded to ISA Server 2004: Access Rule "To" property | Default IP address | Local Host network |
| | Local computer set to the IP address of the ISA Server 2000 computer | Computer element with the IP address of the ISA Server 2004 computer |
| | Local computer set to a specific IP address | Computer element with the specific IP address |
| | Local computer set to a perimeter network | Address range object with the IP addresses of the perimeter network |
| ISA Server 2000: Remote computer (Applies To) upgraded to ISA Server 2004: Access Rule "From" property | All remote computers | All External networks |
| | This remote computer | Computer object set to the IP address of the remote computer |
| | This range of computers | Subnet with the specified address range |

Note

Example

The access rules (created to replace the ISA Server 2000 packet filters) that deny access are ordered first. The rules that allow access are ordered subsequently, as shown in the following table.

ISA Server 2000

Packet filter with these properties:
  • Protocol: UDP
  • Direction: Send Receive
  • Local port: 53
  • Remote port: 78
  • Local computer applies to: default IP addresses on the external interface
  • Remote computer: All remote computers

ISA Server 2004

Access rule with these properties:
  • Source network is set to Local Host
  • Port: 53
  • Destination network is set to All External networks

Protocol definition with these properties:
  • Protocol: UDP
  • Port: 78
  • Direction: Send Receive

IP packet filters: predefined

ISA Server 2000 includes several predefined IP packet filters. The migration tool creates system policy rules, based on these IP packet filters, as detailed in the following table.

| ISA Server 2000 IP packet filter | ISA Server 2004 system policy rule |
|---|---|
| DHCP Client | Allow DHCP request from ISA Server to all networks |
| DNS filter | Allow DNS from ISA Server to selected servers |
| ICMP outbound | Allow ICMP requests from ISA Server to selected servers |
| ICMP Ping response (in), ICMP Timeout in, ICMP source quench, ICMP unreachable in | Allow ICMP (PING) requests from selected computers to ISA Server |
| IP Replay (out) | Allow ICMP requests from ISA Server to selected servers |

When running the ISA Server Migration Tool, you can choose whether to allow traffic from the Internal network to the ISA Server computer. If you select this option, a rule is created that allows traffic from the Internal network to the Local Host network, and the reverse.

Protocol rules

ISA Server 2000 access policy consisted of protocol rules, and site and content rules. ISA Server 2004 includes only access rules, which are based on a combination of the original protocol rules, and site and content rules.

ISA Server 2000 protocol rules are upgraded to ISA Server 2004 access rules. Most properties are directly upgraded to ISA Server 2004. The Applies To property is upgraded, as detailed in the following table.

| ISA Server 2000 protocol rule | ISA Server 2004 access rule |
|---|---|
| Any Request | Source network set to Internal and Local Host. |
| Client address sets | From is set to a computer set with specific IP addresses in original client address set. Source network is set to Internal. |
| Users and groups | From is set to a user set with the specific users originally specified. Source network is set to Internal. |

Note that third-party application filters are not upgraded. Similarly, any protocol definitions that are installed with the application filter are not upgraded. Any rules that apply to these protocol definitions are not upgraded.

You can configure an ISA Server 2000 registry key, IgnoreContentTypeIfNotApplicable, which determines whether a content group is ignored for protocol rules that do not apply to HTTP. If this registry key is enabled, the migration tool creates two access rules for any protocol rule that applied to both HTTP and additional protocols. For example, if ISA Server 2000 includes a protocol rule that applies to POP3 and HTTP protocols, the migration tool creates two access rules on ISA Server 2004: one for POP3 and another for HTTP.

Site and content rules

ISA Server 2000 access policy consisted of protocol rules, and site and content rules. ISA Server 2004 includes only access rules, which are based on a combination of the original protocol rules, and site and content rules.

ISA Server 2000 site and content rules are upgraded to ISA Server 2004 access rules. Most properties are directly upgraded to ISA Server 2004. The Applies To property is upgraded, as detailed in the following table.

| ISA Server 2000 site and content rule | ISA Server 2004 access rule |
|---|---|
| Any Request | Source network set to Internal and Local Host. |
| Client address sets | From is set to a computer set with specific IP addresses in original client address set. Source network is set to Internal and Local Host. |
| Users and groups | From is set to a user set with the specific users originally specified. Source network is set to Internal. |

You can configure an ISA Server 2000 registry key, IgnoreContentTypeIfNotApplicable, which determines whether a content group is ignored for protocol rules that do not apply to HTTP. If this registry key is enabled, the migration tool creates two access rules for any protocol rule that applied to both HTTP and additional protocols. For example, if ISA Server 2000 includes a protocol rule that applies to POP3 and HTTP protocols, the migration tool creates two access rules on ISA Server 2004: one for POP3 and another for HTTP.

Merging protocol rules, and site and content rules

Some protocol rules, and site and content rules, are merged into a single access rule when upgrading to ISA Server 2004.

Naming conventions

The following table details the naming conventions for the new access rules.

| ISA Server 2000 rule | ISA Server 2004 rule name | Example |
|---|---|---|
| Protocol deny rule | ISANumber-ISA_Rule_Name | ISA12-DenyNimda |
| Site and content deny rule | ISANumber-ISA_Rule_Name | ISA13-BlockBadStuff |
| Packet filter | ISANumber-ISA_Rule_Name | ISA14-ICMP |
| Bidirectional packet filter | ISANumber-ISA_Rule_Name(Inbound) | ISA18-NNMP(Inbound) |
| | ISANumber-ISA_Rule_Name(Inbound) | ISA19-NNMP(Outbound) |
| Merged protocol and site and content rule | ISANumber-ISA_Rule_Name+ISA_Rule_Name | ISA15_InternetAccess+BlockBadStuff |


ISA Server 2000 publishing policy configuration upgrade

ISA Server 2000 publishing rules are upgraded to ISA Server 2004, as detailed in the following sections.

Note that in ISA Server 2000, you can configure a rule that blocks traffic between the ISA Server computer (Local Host) and the External network. On ISA Server 2004, however, the system policy controls how the ISA Server computer (Local Host) accesses all networks. Because system policy rules are processed first, they will override any access policy rules you may specifically configure that deny access from the Local Host network to the External network.

Server publishing rules

For each server publishing rule on ISA Server 2000, a corresponding server publishing rule is created on ISA Server 2004. Some properties are modified during the upgrade process, as detailed in the following table.

| Property | ISA Server 2000 value | ISA Server 2004 value |
|---|---|---|
| Action | IP address of server on Internal network | To is set to computer object with the specific IP address. |
| | External IP address | IP address of External listener is set to the specific IP address. |
| Protocol | | Same as ISA Server 2000. |
| Applies To | Any request | Source network is set to External and From is set to All Users. |
| | Client address sets | From is set to a computer set with the specific IP addresses in the client address set. |
| | User and group | Source network is set to External and From is set to All Users. |

You can configure an ISA Server 2000 registry key, UseISAAddressInPublishing, which determines whether proxying is enabled. If the registry key is configured on the ISA Server 2000 computer, the Enable proxy check box is selected on ISA Server 2004.

Note that the actual IP address of the external network adapter on the original ISA Server 2000 computer is saved in the .xml file with the configuration information. If ISA Server 2004 is installed on a different computer, you must correct the IP address after you import the .xml file.

Web publishing rules

For each Web publishing rule on ISA Server 2000, a corresponding Web publishing rule is created on ISA Server 2004. Some properties are modified during the upgrade process, as detailed in the following table.

| Property | ISA Server 2000 value | ISA Server 2004 value |
|---|---|---|
| Action | Discard the request | Denied. Rule is ordered first after the denied access rules. |
| | Redirect the request | Allowed. To is set to the computer specified on ISA Server 2000. |
| | Send the original request | Same as ISA Server 2000. To is set to the computer specified on ISA Server 2000. |
| Port selection | | Same as ISA Server 2000, specified on the Bridging tab. |
| Destination | All destinations | Not supported. The rule is not exported. A log message is generated. |
| | All internal | Not supported. The rule is not exported. A log message is generated. |
| | All external | All requests. |
| | Selected destination set to single IP address or domain | On ISA Server 2004, more than one Web publishing rule may be created if the specified ISA Server 2000 Web publishing rule was applied to multiple public destinations. |
| | Selected destination set to range of IP addresses | Set to first IP address in the range. |
| | All destinations except selected | Not supported. The rule is not exported. A log message is generated. |
| Bridging | HTTP to HTTP and SSL to HTTP | Same. |
| | HTTP to HTTP and SSL to SSL | Same. |
| | HTTP to SSL and SSL to SSL | Same. |
| | HTTP to FTP and SSL to FTP | Same. |
| | HTTP to HTTP and SSL to FTP | HTTP to HTTP and SSL to SSL. |
| | HTTP to SSL and SSL to HTTP | HTTP to HTTP and SSL to SSL. |
| | HTTP to SSL and SSL to FTP | HTTP to HTTP and SSL to SSL. |
| | HTTP to FTP and SSL to HTTP | HTTP to HTTP and SSL to SSL. |
| | HTTP to FTP and SSL to SSL | HTTP to HTTP and SSL to SSL. |

On ISA Server 2000, Web listeners are implicitly assigned for each Web publishing rule. For ISA Server 2004, the Web listener is explicitly assigned to each Web publishing rule.

If an ISA Server 2000 Web publishing rule applies to more than one listener, corresponding ISA Server 2004 Web publishing rules are created for each ISA Server 2000 Web listener. For example, if an ISA Server 2000 Web publishing rule applies to three Web listeners, three ISA Server 2004 Web publishing rules are created, one for each Web listener specified in the original ISA Server 2000 Web publishing rule.

If an ISA Server 2000 Web publishing rule applies to a destination set that includes two or more different IP addresses (or domain names) and two or more different paths, ISA Server 2004 Web publishing rules are created for each pair of IP addresses and paths.

Note that the actual IP address of the external network adapter on the original ISA Server 2000 computer is saved in the .xml file with the configuration information. If ISA Server 2004 is installed on a different computer, you must correct the IP address after you import the .xml file.

In ISA Server 2000, a Web publishing rule can apply to a destination set with an empty path.
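The Web publishing changes described in this section (rules that are not exported, bridging pairs that are rewritten, ranges reduced to the first address, one rule per listener) can be predicted from an inventory of the ISA Server 2000 rules. The following Python sketch is an added example, not part of the original document or of the Migration Tool; the rule dictionaries, field names, function names, and sample rules are hypothetical and constructed for illustration.

```python
# Destination values the Web publishing table marks
# "Not supported. The rule is not exported."
NOT_EXPORTED = {"All destinations", "All internal", "All destinations except selected"}

# Bridging pairs, written as (HTTP requests redirected as, SSL requests
# redirected as), that the table lists as unchanged. Every other pair
# becomes HTTP to HTTP and SSL to SSL.
UNCHANGED_BRIDGING = {("HTTP", "HTTP"), ("HTTP", "SSL"), ("SSL", "SSL"), ("FTP", "FTP")}
SCHEMES = {"HTTP", "SSL", "FTP"}


def migrate_bridging(http_as, ssl_as):
    """Return the ISA Server 2004 bridging pair for an ISA Server 2000 pair."""
    pair = (http_as.upper(), ssl_as.upper())
    if not set(pair) <= SCHEMES:
        raise ValueError(f"unknown bridging value in {pair}")
    return pair if pair in UNCHANGED_BRIDGING else ("HTTP", "SSL")


def predict_web_publishing(rule):
    """Predict what happens to one ISA Server 2000 Web publishing rule."""
    if rule["destination"] in NOT_EXPORTED:
        reason = f"not exported: destination '{rule['destination']}' is not supported"
        return {"exported": False, "rule_count": 0, "bridging": None, "findings": [reason]}

    findings = []
    old = (rule["http_as"].upper(), rule["ssl_as"].upper())
    new = migrate_bridging(*old)
    if new != old:
        findings.append(f"bridging changed from {old} to {new}")
        if old[0] == "SSL":
            # The HTTP leg was forwarded over SSL before and is plain HTTP after.
            findings.append("HTTP requests were redirected as SSL and will be redirected as HTTP")

    first, last = rule.get("ip_range", (None, None))
    if first and last and first != last:
        findings.append(f"destination range {first} to {last} reduced to {first}")

    listeners = rule.get("listeners", [])
    if len(listeners) > 1:
        findings.append(f"split into {len(listeners)} rules, one per Web listener")

    return {"exported": True, "rule_count": max(1, len(listeners)),
            "bridging": new, "findings": findings}


# Constructed sample inventory (not taken from any real configuration).
SAMPLE_RULES = [
    {"name": "PublishMail", "destination": "All external",
     "listeners": ["ext-1", "ext-2", "ext-3"], "http_as": "SSL", "ssl_as": "HTTP"},
    {"name": "PublishIntranet", "destination": "All destinations",
     "listeners": ["ext-1"], "http_as": "HTTP", "ssl_as": "HTTP"},
    {"name": "PublishFarm", "destination": "Selected destination",
     "ip_range": ("10.0.0.10", "10.0.0.12"),
     "listeners": ["ext-1"], "http_as": "HTTP", "ssl_as": "HTTP"},
]

if __name__ == "__main__":
    for sample in SAMPLE_RULES:
        result = predict_web_publishing(sample)
        print(sample["name"], result["exported"], result["rule_count"], result["bridging"])
        for finding in result["findings"]:
            print("   ", finding)
```
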

Naming conventions

The following table details the naming conventions for the new publishing rules.

| ISA Server 2000 rule | ISA Server 2004 rule name | Example |
|---|---|---|
| Server publishing rule | ISANumber-ISA_Rule_Name | ISA12-PublishSMTP |
| Web publishing rule | ISANumber-ISA_Rule_Name for Listener_Name for domain/path | ISA13-Publishing for External IP: 122.11.223.123 for microsoft.com/foo |


ISA Server 2000 policy elements upgrade

Most ISA Server 2000 policy elements are upgraded to ISA Server 2004, as detailed in the following sections.

Client address sets

In ISA Server 2000, client address sets included IP addresses and IP address ranges. Client address sets were used in site and content rules, and in protocol rules (and not in publishing rules).

In ISA Server 2004, client address sets are replaced by computer sets. For each ISA Server 2000 rule that applies to a client address set that is upgraded, a new computer set is created on ISA Server 2004. The upgraded rule applies to the new computer set, which includes the same IP addresses as the original client address set on ISA Server 2000.

Content groups

ISA Server 2000 content groups are upgraded directly to ISA Server 2004. If a content group with the same name exists on ISA Server 2004, the content group from ISA Server 2000 is not imported.

Destination sets

ISA Server 2000 destination sets could include computer names, IP addresses, IP address ranges, domain names, and paths on computers. The destination sets are used in site and content rules, and in publishing rules.

ISA Server 2004 does not use destination sets. Instead, other network elements were introduced, which can be used flexibly with access rules and publishing rules.

The following table describes how ISA Server 2000 destination sets are mapped to various ISA Server 2004 network objects.

| ISA Server 2000 policy element | ISA Server 2004 network object |
|---|---|
| Destination set with wildcards | Domain name set |
| Destination set with path | URL set |
| Destination set with single IP address | URL set |
| Destination set with single IP address and with path | URL set |
| Destination set with IP address range | Computer set |
| Destination set with IP address range and path | URL set |

Note

  • If the ISA Server destination set includes more than five IP addresses, no URL set is created. In this case, a warning is included in the log file. Furthermore, if a rule applies to this destination set, the rule is not upgraded, and a message is included in the log file.

The following table shows examples of how ISA Server 2000 destination sets are upgraded.

| Destination set on ISA Server 2000 | Network object on ISA Server 2004 |
|---|---|
| Destination set with mayah.microsoft.com | Domain name set with mayah.microsoft.com |
| Destination set with eitanh.microsoft.com and with path foo | Domain name set with eitanh.microsoft.com and URL set with http://eitanh.microsoft.com/foo/ |
| Destination set with IP address range 192.168.123.134 (single IP) and path foo | Computer set with range 192.168.123.134 to 192.168.123.134; URL set with http://192.168.123.134/foo/ |
| Destination set with yairh.microsoft.com and path /foo, with IP address 1.2.3.4 and path boo, and with IP address range 1.2.3.4 to 1.2.3.5 and path /home | Computer set with IP address ranges 1.2.3.4 to 1.2.3.4 and IP address ranges 1.2.3.4 to 1.2.3.5; Domain name set with yairh.microsoft.com; URL set with http://yairh.microsoft.com/foo, http://1.2.3.4/boo, http://1.2.3.4/home, and http://1.2.3.5/home |
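The destination set mapping shown in the examples above, together with the five-address limit in the preceding note, can be checked before migration to find rules that will not be upgraded. The following Python sketch is an added example, not part of the original document or of the Migration Tool; the Entry record, function names, and sample rules are hypothetical, and counting distinct addresses after expanding ranges is an assumed reading of the note.

```python
import ipaddress
from collections import namedtuple

# Limit from the note above: more than five IP addresses -> no URL set,
# and rules that apply to the destination set are not upgraded.
MAX_IPS_FOR_URL_SET = 5

# Hypothetical record for one destination-set entry: a host name (wildcards
# allowed) or an IP address / IP range, plus an optional path.
Entry = namedtuple("Entry", "host first_ip last_ip path", defaults=("", "", "", ""))


def _bounds(entry):
    """Return (low, high) for an IP entry; a single IP is a one-address range."""
    low = ipaddress.IPv4Address(entry.first_ip)
    high = ipaddress.IPv4Address(entry.last_ip or entry.first_ip)
    if high < low:
        raise ValueError(f"range ends before it starts: {low} to {high}")
    return low, high


def map_destination_set(entries):
    """Predict the ISA Server 2004 network objects for one destination set."""
    domains, ranges, urls, networks = [], [], [], []
    for e in entries:
        if e.first_ip:
            low, high = _bounds(e)
            ranges.append((str(low), str(high)))
            networks.extend(ipaddress.summarize_address_range(low, high))
        elif e.host not in domains:
            domains.append(e.host)

    # Assumption: the limit counts distinct addresses. Collapsing the ranges
    # counts them without enumerating, so a very large range stays cheap.
    ip_count = sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))
    over_limit = ip_count > MAX_IPS_FOR_URL_SET

    if not over_limit:
        for e in entries:
            if not e.path:
                continue  # the page shows no URL form for an entry without a path
            # URL form follows the last row of the examples table (no trailing slash).
            path = "/" + e.path.strip("/")
            if e.first_ip:
                low, high = _bounds(e)
                hosts = [str(ipaddress.IPv4Address(n)) for n in range(int(low), int(high) + 1)]
            else:
                hosts = [e.host]
            for h in hosts:
                url = f"http://{h}{path}"
                if url not in urls:
                    urls.append(url)

    return {"computer_set": ranges, "domain_name_set": domains, "url_set": urls,
            "ip_count": ip_count, "rules_not_upgraded": over_limit}


def rules_not_upgraded(rules, destination_sets):
    """Return (rule name, action) for each rule bound to a set over the limit."""
    lost = []
    for rule in rules:
        mapped = map_destination_set(destination_sets[rule["destination_set"]])
        if mapped["rules_not_upgraded"]:
            lost.append((rule["name"], rule["action"]))
    return lost


# Last row of the examples table above.
PAGE_EXAMPLE = [
    Entry(host="yairh.microsoft.com", path="/foo"),
    Entry(first_ip="1.2.3.4", path="boo"),
    Entry(first_ip="1.2.3.4", last_ip="1.2.3.5", path="/home"),
]

# Constructed sample data: one set within the limit, one with eight addresses.
SAMPLE_SETS = {
    "Partners": PAGE_EXAMPLE,
    "DownloadHosts": [Entry(first_ip="203.0.113.10", last_ip="203.0.113.17", path="/downloads")],
}
SAMPLE_RULES = [
    {"name": "Allow partner sites", "action": "allow", "destination_set": "Partners"},
    {"name": "Block download hosts", "action": "deny", "destination_set": "DownloadHosts"},
]

if __name__ == "__main__":
    print(map_destination_set(PAGE_EXAMPLE))
    for name, action in rules_not_upgraded(SAMPLE_RULES, SAMPLE_SETS):
        print(f"not upgraded: {name} ({action})")
```

A deny rule in the returned list is the one to recreate by hand first, because it is absent from the migrated policy.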

Destination sets and rules

The following table describes the ISA Server 2004 rule settings for the destination sets originally used in rules upgraded from ISA Server 2000.

| ISA Server 2000 | ISA Server 2004 |
|---|---|
| All destinations | To property is set to Anywhere. |
| All Internal destinations | To property is set to Internal Network. Destination network is set to Internal. |
| All External destinations | To property is set to External Network. Destination network is set to External. |
| Selected destination | To property is set to computer sets, domain names, and URL sets, corresponding to the original destination set. |

Protocol definitions

ISA Server 2000 included two types of protocol definitions:

The migration tool creates corresponding protocol definitions in ISA Server 2004 for all explicitly defined protocol elements. If ISA Server 2004 already has a protocol definition with the same name, the ISA Server 2000 protocol definition is not imported.

Implicitly defined protocol definitions, created by third-party application filters, are not upgraded. A warning message indicates this in the migration log file. Implicitly defined protocol definitions, used with IP packet filters, are upgraded.

Protocol definitions that cannot be identified by the migration tool are not upgraded. Any rules that apply to unidentified protocol definitions are deleted.

Schedule

ISA Server 2000 schedules upgrade directly to ISA Server 2004. Any ISA Server 2000 rule that does not have a specifically named schedule will reference the schedules created (with the same name) in ISA Server 2004.

A new schedule may be created on ISA Server 2004 when two schedules are used by a site and content rule, and by a protocol rule on ISA Server 2000.

Web listeners

ISA Server 2000 included incoming listeners and outgoing listeners on a specific IP address. In ISA Server 2004, Web listeners can be assigned to an entire network or to a specific IP address.

The incoming listeners on ISA Server 2000 are upgraded to ISA Server 2004 as Web listeners on the External network.

The default outgoing listeners on ISA Server 2000 are upgraded to ISA Server 2004 as Web listeners on the Internal network. If the default listener is not being used, no listener is upgraded. This is noted in the log file.

Note that the actual IP address of the external network adapter on the original ISA Server 2000 computer is saved in the .xml file with the configuration information. If ISA Server 2004 is installed on a different computer, you must correct the IP address after you import the .xml file.

Naming conventions

The following table details the naming conventions for the new rule elements.

| ISA Server 2000 policy element | ISA Server 2004 rule element |
|---|---|
| Destination set (creates computer set) | Computer set with Destination_Set_Name |
| Destination set (creates URL set) | URL set with Destination_Set_Name |
| Default Web listener | External default Web listener |
| Merged schedule | ScheduleName1_ScheduleName2 |


ISA Server 2000 network and client configuration upgrade

ISA Server 2000 network and client configuration settings are upgraded to ISA Server 2004, as detailed in the following sections.

Networks

ISA Server 2000 supports only two networks: Internal and External. A perimeter network (also known as DMZ, demilitarized zone, and screened subnet) could be implied by creating packet filters to route traffic from the External network to the perimeter network.

ISA Server 2004 supports multiple networks. The following networks are created by default on ISA Server 2004:

The migration tool creates the following network rules on ISA Server 2004:

Local Domain Table

The local domain table (LDT) is migrated as is to ISA Server 2004. If the ISA Server 2000 LDT includes IP addresses, these are not migrated to ISA Server 2004.

Client settings

In ISA Server 2004, client settings are per network. ISA Server 2000 client settings are upgraded directly to the client settings on the ISA Server 2004 Internal network.

As in ISA Server 2000, ISA Server 2004 Firewall Client application settings apply to all client requests. Firewall Client application settings are upgraded directly to ISA Server 2004.


ISA Server 2000 dial-up, chaining, and routing configuration upgrade

Most ISA Server 2000 dial-up, chaining, and routing configuration settings are upgraded to ISA Server 2004, as detailed in the following sections.

Dial-up connections

In ISA Server 2000, multiple dial-up connections could be created, but only one dial-up connection could be active at a time. In ISA Server 2004, only a single dial-up can be created.

In ISA Server 2000, the dial-up connection was defined per Firewall client and per Web Proxy client. In ISA Server 2004, the dial-up connection is defined per network.

As part of the upgrade process, only the active dial-up connection is upgraded. It is assigned to the External network.

All other dial-up connections are not upgraded. This is noted in the upgrade log file.

Firewall chaining

ISA Server 2000 chaining configuration is upgraded directly to ISA Server 2004. The only exception is the dial-up connection specified on ISA Server 2000. On ISA Server 2004, the dial-up connection is created on the External network.

Routing rules

Each ISA Server 2000 routing rule is duplicated on ISA Server 2004, as a cache rule and as a routing rule.

The ISA Server 2004 routing rule is created with identical properties to those of the original ISA Server 2000 routing rule. The destinations specified for the ISA Server 2000 routing rule are mapped to specific networks on the To property page of the ISA Server 2004 routing rule properties.

If the ISA Server 2000 routing rule used a dial-up entry, a dial-up entry with the same properties is created on the External network of ISA Server 2004.

A new caching rule is created based on the original ISA Server 2000 routing rule. The destinations specified for the ISA Server 2000 routing rule are mapped to specific networks on the To property page of the ISA Server 2004 routing rule properties.

The following properties are not supported on ISA Server 2004 caching rules and are therefore not upgraded from the original ISA Server 2000 routing rule: bridging and action.


ISA Server 2000 add-in configuration upgrade

Most ISA Server 2000 access policy rules, publishing rules, and IP packet filters are upgraded to ISA Server 2004, as detailed in the following sections.

In ISA Server 2000, application filters were applied unconditionally to specific traffic. In ISA Server 2004, some filtering can be applied on a per-rule basis. The following table describes how ISA Server 2000 application filter functionality is upgraded to ISA Server 2004.

Note:

| Application filter or rule | ISA Server 2000 | ISA Server 2004 |
|---|---|---|
| FTP access | Protocol rules applying to FTP | Access rule with the Read only option of FTP filtering disabled |
| | Protocol rules applying to FTP download | Access rule with the Read only option of FTP filtering enabled |
| | Protocol rules applying to FTP server | Server publishing rule with the Read only option of FTP filtering disabled |
| H.323 filter | Allow incoming call | Filter listens on the External network |
| | Allow outgoing calls | Filter listens on the Internal network |
| | All other configurations | Same as in ISA Server 2000 |
| HTTP redirection | All configurations | Not supported |
| RPC filter | All configurations | Replaced with per-rule filtering |
| SMTP filter | SMTP commands | Same as in ISA Server 2000 |
| | Attachments, users and domains, and keywords | Upgraded to an SMTP server publishing rule, on a per-rule basis |
| SOCKS v4 filter | Enabled | Listen for SOCKS requests initiated from the Internal network |
| Streaming media | MMS filter, PNM filter, and RTSP filter: any configuration | Configuration same as ISA Server 2000. MMS stream splitting not supported |

Configuration settings for the following application filters are upgraded directly to ISA Server 2004:

If the message screener is not installed on the computer being upgraded to ISA Server 2004, then any traffic from the message screener computer is blocked unless you specifically configure ISA Server 2004, allowing all traffic to and from the Internal network to and from the Local Host network. Similarly, you can add a rule that allows MS Firewall Control traffic from the message screener computer to the Local Host computer.

Some application filter properties are configured differently in ISA Server 2004 than in ISA Server 2000.

Note that third-party application filters are not upgraded. Similarly, any protocol definitions that are installed with the application filter are not upgraded. Any rules that apply to these protocol definitions are not upgraded.


ISA Server 2000 cache configuration upgrade

Most ISA Server 2000 cache configuration settings are upgraded to ISA Server 2004, as detailed in the following sections.

Caching

Most ISA Server 2000 cache properties are upgraded directly, with no change, from ISA Server 2000 to ISA Server 2004. Note the following exceptions:

The cache drive configuration is retained in ISA Server 2004. If the migration is done to a different computer, the ISA Server 2004 computer should have similar hardware and drive configuration to the original ISA Server 2000 computer.

If ISA Server 2000 was installed in cache mode, the migration tool does the following:

Schedule content download jobs

ISA Server 2000 scheduled content download jobs are upgraded directly to ISA Server 2004.


ISA Server 2000 Routing and Remote Access upgrade

When you install ISA Server 2004, you can upgrade the Routing and Remote Access configuration. You can upgrade the configuration to ISA Server 2004, regardless of whether ISA Server 2000 is installed on the computer.

Note the following limitations to the Routing and Remote Access configuration upgrade:


ISA Server 2000 Feature Pack 1 and hotfix configuration upgrade

ISA Server 2000 Feature Pack 1 introduced several new features, which are included in ISA Server 2004. Most ISA Server 2000 Feature Pack 1 configuration information is migrated directly to ISA Server 2004. Note the following exceptions:

ISA Server 2000 hotfixes

All registry keys installed as part of ISA Server 2000 hotfixes are migrated directly to ISA Server 2004.


© 2004 Microsoft Corporation. All rights reserved.