helpbase

How do I port forward (TCP port 3389) to an internal IP address with ISA Server

Hi, I am trying to port forward all Terminal Services traffic on TCP port 3389 to an internal PC on my network through an ISA Server 2000 firewall. This is so I can get remote access to my computer whilst on the road.

I am able to connect to the ISA server via RDP but not have this traffic forwarded to an internal address.

Can anyone supply a step by step instruction on how to do this?

Thanks, Andrew

Julian_C

Hi Andrew

These are a couple of articles that might be just what you are looking for. You should consider changing the standard port as one of the articles illustrates.

Cheers
Julian

http://www.isaserver.org/articles/2004pubts.html      (This is for 2004 but the principles apply)

http://www.isaserver.org/tutorials/Publishing_Windows_2000_Terminal_Services_to_a_NonStandard_Port_.html

ASKER CERTIFIED SOLUTION
Bembi

Publishing a Terminal Server through an ISA Server requires installs on both the ISA and the internal host.

This info is also located at:  http://www.isaserver.org/articles/2004pubts.html

The first step is to publish the RDP Server on the ISA firewall. I’ll assume that you have already enabled the Remote Desktop on the ISA firewall so that the ISA firewall is ready to accept incoming RDP connections.

Perform the following steps to publish the RDP server on the ISA firewall:

1. Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click on the Firewall Policy node.
2. On the Firewall Policy node, click the Tasks tab in the Task Pane. Click the Create a New Server Publishing rule.
3. On the Welcome to the New Server Publishing Rule page, enter a name for the rule in the Server Publishing Rule name text box. In this example we’ll name it ISA Firewall RDP Server. Click Next.
4. On the Select Server page, enter the IP address of the internal interface of the ISA firewall in the Server IP address text box. In this example, we’ll enter 10.0.0.1. Click Next.
5. On the Select Protocol page, select the RDP (Terminal Services) Server option from the Selected protocol list. Click the Ports button.
6. In the Ports dialog box, select the Publish on this port instead of the default port option in the Firewall Ports frame. Enter the alternate port number in the text box. In this example, we’ll use port number 9999. Click OK.
7. Click Next on the Select Protocol page.
8. On the IP Addresses page, put a checkmark in the External checkbox and click Next.
9. Click Finish on the Completing the New Server Publishing Rule Wizard page.

Now we can publish the second RDP server, which is located on the Internal network. Perform the following steps to publish the second RDP server:

1. Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click on the Firewall Policy node.
2. On the Firewall Policy node, click the Tasks tab in the Task Pane. Click the Create a New Server Publishing rule.
3. On the Welcome to the New Server Publishing Rule page, enter a name for the rule in the Server Publishing Rule name text box. In this example we’ll name it Internal RDP Server. Click Next.
4. On the Select Server page, enter the IP address of the internal interface of the ISA firewall in the Server IP address text box. In this example, we’ll enter 10.0.0.2. Click Next.
5. On the Select Protocol page, select the RDP (Terminal Services) Server option from the Selected protocol list. Click the Ports button.
6. In the Ports dialog box, select the Publish on this port instead of the default port option in the Firewall Ports frame. Enter the alternate port number in the text box. In this example, we’ll use port number 8888. Click OK.
7. Click Next on the Select Protocol page.
8. On the IP Addresses page, put a checkmark in the External checkbox and click Next.
9. Click Finish on the Completing the New Server Publishing Rule Wizard page.

Your Firewall Policy should look like the figure below.



Click Apply to save the changes and update the firewall policy and then click OK in the Apply New Configuration dialog box.

Testing the ISA Firewall Server Publishing Rules
Now for the fun part! Let’s test our Server Publishing Rules. First, you’ll need the RDP 5.1 or RDP 5.2 client. Either one will work. If you’re not using Windows XP or Windows Server 2003, you can download version 5.2 at http://www.microsoft.com/downloads/details.aspx?FamilyID=a8255ffc-4b4a-40e7-a706-cde7e9b57e79&displaylang=en 

We’ll connect to the RDP server on the ISA firewall first. Open the Remote Desktop Connection application and enter the IP address on the external interface of the ISA firewall and the port number you configured that Server Publishing Rule to listen on. In this case, it’s port 9999. It should appear as in the figure below.



It worked!
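
A scripted version of the connection test described in the answer above, as an added example that is not part of the original post: it sends the standard RDP X.224 Connection Request to each published port and reports any port whose state differs from the intended publishing policy. The address 192.0.2.10 is a placeholder for the ISA external interface, and treating default port 3389 as "must be closed" is an assumption based on the rules publishing only on alternate ports 9999 and 8888.

```python
import socket

# Standard RDP X.224 Connection Request: TPKT header, CR TPDU, and a
# negotiation request asking for classic RDP security only (19 bytes).
X224_CONNECTION_REQUEST = bytes.fromhex(
    "03000013" "0ee00000000000" "0100080000000000"
)

def is_x224_confirm(data: bytes) -> bool:
    """True if data is a TPKT packet carrying an X.224 Connection Confirm."""
    return len(data) >= 6 and data[0] == 0x03 and data[5] == 0xD0

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'rdp', 'open-not-rdp' or 'closed' (refused or filtered)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            reply = sock.recv(64)
        except OSError:
            reply = b""  # reset or timed out after connecting
    return "rdp" if is_x224_confirm(reply) else "open-not-rdp"

def audit(host, published, must_be_closed=(3389,), timeout=3.0):
    """Compare observed port states with the intended publishing policy."""
    findings = []
    for port, rule in published.items():
        state = probe(host, port, timeout)
        if state != "rdp":
            findings.append(f"{rule}: port {port} is {state}, expected rdp")
    for port in must_be_closed:
        state = probe(host, port, timeout)
        if state != "closed":
            findings.append(f"port {port} is {state}, expected closed")
    return findings

if __name__ == "__main__":
    # Placeholder external address (assumption); rule names and ports are
    # the ones used in the walkthrough above.
    rules = {9999: "ISA Firewall RDP Server", 8888: "Internal RDP Server"}
    for line in audit("192.0.2.10", rules, timeout=1.0) or ["policy matches"]:
        print(line)
```

An empty result from `audit` means both published ports answered as RDP and the default port did not accept connections from the outside.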









So, did you get anywhere with this?

Cheers
Julian