Solved

How do I port forward (tcp port 3389) to an internal ip address with ISA server

Posted on 2004-08-25
Last Modified: 2013-11-16
Hi, I am trying to port forward all Terminal Services traffic on TCP port 3389 to an internal PC on my network through an ISA Server 2000 firewall. This is so I can get remote access to my computer whilst on the road.

I am able to connect to the ISA server via RDP but not have this traffic forwarded to an internal address.

Can anyone supply a step by step instruction on how to do this?

Thanks, Andrew
Question by:helpbase
4 Comments
 
LVL 3

Expert Comment

by:Julian_C
ID: 11900799
Hi Andrew

These are a couple of articles that might be just what you are looking for. You should consider changing the standard port as one of the articles illustrates.

Cheers
Julian

http://www.isaserver.org/articles/2004pubts.html      (This is for 2004 but the principles apply)

http://www.isaserver.org/tutorials/Publishing_Windows_2000_Terminal_Services_to_a_NonStandard_Port_.html
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 11901164
As long as you only have one single external IP address, all traffic is delivered to your ISA by default. But you can add a server publishing rule (as described in the article from Julian) to redirect requests on a single port to another machine.

The drawback of this constellation is that you can only access this new machine by RDP, not your ISA anymore.

A simple solution is to leave the RDP target on your ISA, establishing a first RDP session to your ISA from outside, and then establishing a second session to the target machine within the first session. In this way, you can access any machine within your local network by using the ISA as a bridge (assuming that a terminal server service is running on the target machine).
 
LVL 33

Expert Comment

by:MikeKane
ID: 11912566
To publish a Terminal server through an ISA Server requires Installs on both the ISA and Internal Host.    

This info is also located at:  http://www.isaserver.org/articles/2004pubts.html

The first step is to publish the RDP Server on the ISA firewall. I’ll assume that you have already enabled the Remote Desktop on the ISA firewall so that the ISA firewall is ready to accept incoming RDP connections.

Perform the following steps to publish the RDP server on the ISA firewall:

1. Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click on the Firewall Policy node.
2. On the Firewall Policy node, click the Tasks tab in the Task Pane. Click the Create a New Server Publishing rule.
3. On the Welcome to the New Server Publishing Rule page, enter a name for the rule in the Server Publishing Rule name text box. In this example we’ll name it ISA Firewall RDP Server. Click Next.
4. On the Select Server page, enter the IP address of the internal interface of the ISA firewall in the Server IP address text box. In this example, we’ll enter 10.0.0.1. Click Next.
5. On the Select Protocol page, select the RDP (Terminal Services) Server option from the Selected protocol list. Click the Ports button.
6. In the Ports dialog box, select the Publish on this port instead of the default port option in the Firewall Ports frame. Enter the alternate port number in the text box. In this example, we’ll use port number 9999. Click OK.
7. Click Next on the Select Protocol page.
8. On the IP Addresses page, put a checkmark in the External checkbox and click Next.
9. Click Finish on the Completing the New Server Publishing Rule Wizard page.

Now we can publish the second RDP server, which is located on the Internal network. Perform the following steps to publish the second RDP server:

1. Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click on the Firewall Policy node.
2. On the Firewall Policy node, click the Tasks tab in the Task Pane. Click the Create a New Server Publishing rule.
3. On the Welcome to the New Server Publishing Rule page, enter a name for the rule in the Server Publishing Rule name text box. In this example we’ll name it Internal RDP Server. Click Next.
4. On the Select Server page, enter the IP address of the internal interface of the ISA firewall in the Server IP address text box. In this example, we’ll enter 10.0.0.2. Click Next.
5. On the Select Protocol page, select the RDP (Terminal Services) Server option from the Selected protocol list. Click the Ports button.
6. In the Ports dialog box, select the Publish on this port instead of the default port option in the Firewall Ports frame. Enter the alternate port number in the text box. In this example, we’ll use port number 8888. Click OK.
7. Click Next on the Select Protocol page.
8. On the IP Addresses page, put a checkmark in the External checkbox and click Next.
9. Click Finish on the Completing the New Server Publishing Rule Wizard page.
Your Firewall Policy should look like the figure below.



Click Apply to save the changes and update the firewall policy and then click OK in the Apply New Configuration dialog box.

Testing the ISA Firewall Server Publishing Rules
Now for the fun part! Let’s test our Server Publishing Rules. First, you’ll need the RDP 5.1 or RDP 5.2 client. Either one will work. If you’re not using Windows XP or Windows Server 2003, you can download version 5.2 at http://www.microsoft.com/downloads/details.aspx?FamilyID=a8255ffc-4b4a-40e7-a706-cde7e9b57e79&displaylang=en

We’ll connect to the RDP server on the ISA firewall first. Open the Remote Desktop Connection application and enter the IP address on the external interface of the ISA firewall and the port number you configured that Server Publishing Rule to listen on. In this case, it’s port 9999. It should appear as in the figure below.



It worked!
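The test step above can also be scripted: the following added example (not part of the original post or the linked article) sends a single X.224 Connection Request to each published port and reports whether an RDP listener answered and which security layer it selected. The address 192.0.2.10 is a constructed placeholder for the external interface of your own ISA firewall, and the function names are this example's own.

```python
import socket
import struct

# Constructed sample addresses: 192.0.2.10 stands in for the ISA external IP.
PUBLISHED = [("192.0.2.10", 9999), ("192.0.2.10", 8888)]
PROTOCOLS = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)"}

def build_connection_request(requested=0x03):
    """TPKT + X.224 Connection Request carrying an RDP negotiation request."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)   # RDP_NEG_REQ
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xE0, 0, 0, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_connection_confirm(data):
    """Return the security layer named in an X.224 Connection Confirm.

    Raises ValueError when the bytes are not a TPKT-framed Connection Confirm,
    i.e. the published port did not reach an RDP listener.
    """
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    length = struct.unpack(">H", data[2:4])[0]
    if length > len(data) or (data[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = data[11:length]
    if len(body) < 8:                      # older servers send no negotiation data
        return "legacy (no negotiation, standard RDP security)"
    kind, _flags, _len, value = struct.unpack("<BBHI", body[:8])
    if kind == 0x03:                       # RDP_NEG_FAILURE
        return "negotiation failure code %d" % value
    return PROTOCOLS.get(value, "protocol 0x%x" % value)

def probe(host, port, timeout=5.0):
    """Send one Connection Request to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request())
        return parse_connection_confirm(s.recv(1024))

if __name__ == "__main__":
    for host, port in PUBLISHED:
        try:
            print(host, port, "->", probe(host, port))
        except (OSError, ValueError) as exc:
            print(host, port, "-> no RDP listener:", exc)
```

A "legacy" or "standard RDP security" result on an internet-facing port means the published server accepts connections without TLS or Network Level Authentication.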
 
LVL 3

Expert Comment

by:Julian_C
ID: 11961864
So, did you get anywhere with this?

Cheers
Julian