I need to do port forwarding on ISA 2004, please help me i need it urgently.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
hello Max.
Isa does not port forward; instead it publishes internal servers.
I'll assume it it is ISA2004 rather than isa2000
Either let us know which ports you wish to pass through ISA or alternatively, have a look here.
http://www.experts-exchang
This is another call I am working on where the user needs to 'port-forward TCP port 4489. It gives you an idea
For publishing Exchange servers, use the punlish a mail server option, for http, publish a web server etc
mstsc or remote desktop. Both use tcp port 3389.
You have two options:
1. Connect to the server via RDP/MSTSC and then remote desktop or TS from there to the necessary machines etc as if you were inside.
2. Create different protocol/port definitions for each machine and publish seperately.
ie
tcp 3389 --> Publish as 192.168.0.1
tcp 3390 --> Publish as 192.168.0.2
etc where 192.168.0.x = internal IPs of your different machines
Regards
Keith
> What is advantage of RAdmin vs Remote Desktop or Remote console?
I think, a lot of these tools like RAdmin, PCAnywhere or WinVNC are coming out of WinNT times. As the newer OS brings everything you need like RDC or Messenger and NetMeeting, most of the users are using these tools as part of the OS and free of charge. What may be a reason for other tools is the fact, that RDC is a terminal server session and the currently logged on user can not see, what you are doing. Means, two persons are connected independedn from each other on one single machine. With WinVNC for example, the user can see, what you are doing (I think RAdmin as well). This may be good for showing the user, what is to do.
RDC has one advantage, that either you can make a direct connection to a client and secondary, that there are different implementations. The peer connections method (= No. 2 of Keith) has the problem, that this is only intended for internal use. For publishing throug a firewall, you have to open one port for each client machine, what is not recomended.
A common used way is to establish a cascaded connection, as Keith stated before, from outside to the server and from there a second internal connection to the client (tsweb or MSTSC). (also stated by Keith)
The last option is to use RDC via the microsoft servers. All XP clients have the option to request a RDC connection. In this scenario, the clients connects to a MS server and informs the requested supporter. This supporter then can establish also a connection which is then redirected by the MS server. This method simplifies the peer to peer connection, as it is a outgoing request from the client and therefore a route exists bridged by the public MS server (as long as ISA allows this).
Last option may be fail, if clients are behind NAT routers with dynamic IPs, as this may also depend on the router settings.
keith_alabaster Some reason your solution doesn't work. When I do :3389 I am grited by server. I created rule for 3390, but it doesnt work, I did exactly the same as you recommended to guy on http://www.experts-exchang
i use MSTSC
Have you allowed 3390 through your external firewall/router to the ISA server?
Have you published TS on 3390 also in the ISA server? When you did the publish and selected your RDP on port 3390, did you change the port setting to forward it on to the client on 3389? Remember you are receiving it on 3390 from the outside then ISA must forward to the selected workstation/server as 3389.
ok mate, its no problem
Open the GUI select firewall policy.
right-click it and select - new - server publishing rule.
Give it a name and click next
enter the internal server ip - next
Select RDP (terminal services) # same as you did for the 3389 one
this time though select ports # you already have ISA listening on 3389 so we need a new one
In the firewall port box, select this port instead and enter in 3390
In the publishing port, select send to this port instead and enter in 3389
select OK
Now carry on as normal
select next
select finish
Your new protocol should now appear in the windo
select next.
select External in the networks list
select finish and apply the policy
Select monitoring - logging - click start query
Try your connection
Job Done
Not a problem mate. Its a big subject. Just take it one step at a time and ask if you need help.
The protocol is already there. (RDP Terminal services) All we are doing is saying use the same protocol but for the second instance, listen on 3390 and then forward it internall y to this machine (the IP address you entered) using 3389. Then again for the third machine, listen using the RDP terminal services protocol but this time on 3391 then forward it to the (next ip address etc) on 3389
Regards
Keith
The machine must be switched on.
On the machine you are tring to take over, it must have remote desktop enabled.
right-click the my computer icon.
Select the remote tab
Tick enable remote desktop on this computer
Tick enable remote assistance if you wish although I have not used that function so cannot really comment on that.
Yes it is available, the way i do remote now, is logging in to server and then from server i can get to any computer... but now i need to permit access to some of my employees i do not want them to log in to server....
I have tried what you wrote, but it doesnt work. It might be because person is using computer and it locked.... Will keep you posted.. thanks for helping me...
If you use RDC on a client, the currently logged on user is logged off. And if a admin is loogin oin on the client during the session, the session is killed.
What works on a server work different on a client, as only on user can be logged on at a time. I think, this is not realy what you want, right?
I think we come back to messenger with work as expected or to another Programm like VNC.
Check your client again:
- right-click the my computer icon - properties
- tab "remote"
- make sure "remote desktop on this computer" is enabled (2. Option)
- You can also allow the use to request remote help (1. Option)
Also make sure, if the windows firewall in enabled, that Remotedesktop is allowed (nevertheless you don not need a local firewall on the clients behind ISA).
You can check it by telnet clientname 3389
- If you get nothing and a timeout after a while, the connection is ok, otherwise you get a messegae at one, that the connection is refused.
Check this first from inside the network to make sure, it is working in general, so we can seperate, if your problem is a connection problem or an ISA issue.
You also need use the domain administrator's account to log on to client workstation. You also need permit rdp traffic on your ISA 2004 policy settings.
I met the same problem as yours, i could log on to the server using VPN, but i could not log on to my workstations. You need check many settings such as domain users' permission, you need enable the remote logon permission on Actory directory also.
good luck
Business Accounts
Answer for Membership
by: BembiPosted on 2006-03-14 at 19:52:50ID: 16190992
Depends on, what you mean. The Port forwarding in ISA means usually, ISA listens on an external port and redirects the traffic to an internal server on the same or on a different port. This is a server publishing rule, where you can select predefined protocols or dedicated listener and forwarding ports.
Is this, what yopu mean?