Solved

How do I port forward (tcp port 3389) to an internal ip address with ISA server

Posted on 2004-08-25
Last Modified: 2013-11-16
Hi, I am trying to port forward all Terminal Services traffic on TCP port 3389 to an internal PC on my network through an ISA Server 2000 firewall. This is so I can get remote access to my computer whilst on the road.

I am able to connect to the ISA server via RDP but not have this traffic forwarded to an internal address.

Can anyone supply a step-by-step instruction on how to do this?

Thanks, Andrew
0
Question by:helpbase
 
LVL 3

Expert Comment

by:Julian_C
ID: 11900799
Hi Andrew

These are a couple of articles that might be just what you are looking for. You should consider changing the standard port, as one of the articles illustrates.

Cheers
Julian

http://www.isaserver.org/articles/2004pubts.html      (This is for 2004 but the principles apply)

http://www.isaserver.org/tutorials/Publishing_Windows_2000_Terminal_Services_to_a_NonStandard_Port_.html
0
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 11901164
As long as you only have one single external IP address, all traffic is delivered to your ISA by default. But you can add a server publishing rule (as described in the article from Julian) to redirect requests to a single port to another machine.

The lack of this constellation is that you can only access this new machine by RDP, not anymore your ISA.

A simple solution is to leave the RDP target on your ISA, establishing a first RDP session to your ISA from outside, and then establishing a second session to the target machine within the first session. In this way, you can access any machine within your local network by using the ISA as a bridge (assuming that a terminal server service is running on the target machine).
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 11912566
To publish a Terminal server through an ISA Server requires Installs on both the ISA and Internal Host.    

This info is also located at:  http://www.isaserver.org/articles/2004pubts.html

The first step is to publish the RDP Server on the ISA firewall. I’ll assume that you have already enabled the Remote Desktop on the ISA firewall so that the ISA firewall is ready to accept incoming RDP connections.

Perform the following steps to publish the RDP server on the ISA firewall:

1. Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click on the Firewall Policy node.
2. On the Firewall Policy node, click the Tasks tab in the Task Pane. Click the Create a New Server Publishing rule.
3. On the Welcome to the New Server Publishing Rule page, enter a name for the rule in the Server Publishing Rule name text box. In this example we’ll name it ISA Firewall RDP Server. Click Next.
4. On the Select Server page, enter the IP address of the internal interface of the ISA firewall in the Server IP address text box. In this example, we’ll enter 10.0.0.1. Click Next.
5. On the Select Protocol page, select the RDP (Terminal Services) Server option from the Selected protocol list. Click the Ports button.
6. In the Ports dialog box, select the Publish on this port instead of the default port option in the Firewall Ports frame. Enter the alternate port number in the text box. In this example, we’ll use port number 9999. Click OK.
7. Click Next on the Select Protocol page.
8. On the IP Addresses page, put a checkmark in the External checkbox and click Next.
9. Click Finish on the Completing the New Server Publishing Rule Wizard page.

Now we can publish the second RDP server, which is located on the Internal network. Perform the following steps to publish the second RDP server:

1. Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click on the Firewall Policy node.
2. On the Firewall Policy node, click the Tasks tab in the Task Pane. Click the Create a New Server Publishing rule.
3. On the Welcome to the New Server Publishing Rule page, enter a name for the rule in the Server Publishing Rule name text box. In this example we’ll name it Internal RDP Server. Click Next.
4. On the Select Server page, enter the IP address of the internal interface of the ISA firewall in the Server IP address text box. In this example, we’ll enter 10.0.0.2. Click Next.
5. On the Select Protocol page, select the RDP (Terminal Services) Server option from the Selected protocol list. Click the Ports button.
6. In the Ports dialog box, select the Publish on this port instead of the default port option in the Firewall Ports frame. Enter the alternate port number in the text box. In this example, we’ll use port number 8888. Click OK.
7. Click Next on the Select Protocol page.
8. On the IP Addresses page, put a checkmark in the External checkbox and click Next.
9. Click Finish on the Completing the New Server Publishing Rule Wizard page.
Your Firewall Policy should look like the figure below.



Click Apply to save the changes and update the firewall policy and then click OK in the Apply New Configuration dialog box.

Testing the ISA Firewall Server Publishing Rules
Now for the fun part! Let’s test our Server Publishing Rules. First, you’ll need the RDP 5.1 or RDP 5.2 client. Either one will work. If you’re not using Windows XP or Windows Server 2003, you can download version 5.2 at http://www.microsoft.com/downloads/details.aspx?FamilyID=a8255ffc-4b4a-40e7-a706-cde7e9b57e79&displaylang=en 

We’ll connect to the RDP server on the ISA firewall first. Open the Remote Desktop Connection application and enter the IP address on the external interface of the ISA firewall and the port number you configured that Server Publishing Rule to listen on. In this case, it’s port 9999. It should appear as in the figure below.



It worked!
0
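An added example, not part of the thread or the linked isaserver.org article: a small Python model of the constraint the accepted answer describes (with one external IP, each external port can be published to only one server), applied to the two rules from the walkthrough above. The external address 203.0.113.10, the `PublishRule` type and the `audit` function are assumptions made for illustration; this is not ISA Server's own API.

```python
from collections import defaultdict
from typing import NamedTuple

RDP_DEFAULT_PORT = 3389
EXTERNAL_IP = "203.0.113.10"  # constructed placeholder for the single external IP


class PublishRule(NamedTuple):
    name: str            # "Server Publishing Rule name"
    external_ip: str     # address the firewall listens on (External network)
    external_port: int   # "Publish on this port instead of the default port"
    server_ip: str       # "Server IP address" of the published RDP server
    server_port: int = RDP_DEFAULT_PORT


def audit(rules):
    """Return (findings, targets).

    findings: listener conflicts and rules left on the default RDP port.
    targets:  what a client enters in Remote Desktop Connection per rule.
    """
    listeners = defaultdict(list)
    for rule in rules:
        listeners[(rule.external_ip, rule.external_port)].append(rule)

    findings = []
    for (ip, port), owners in sorted(listeners.items()):
        if len(owners) > 1:
            # Only one server can answer on a given external IP and port.
            names = ", ".join(o.name for o in owners)
            findings.append(f"CONFLICT {ip}:{port} claimed by {names}")
        elif port == RDP_DEFAULT_PORT:
            # The thread suggests moving off the standard port.
            findings.append(f"DEFAULT-PORT {ip}:{port} -> {owners[0].server_ip}")
    targets = {r.name: f"{r.external_ip}:{r.external_port}" for r in rules}
    return findings, targets


# The two rules from the walkthrough: distinct external ports, no conflict.
PAGE_RULES = [
    PublishRule("ISA Firewall RDP Server", EXTERNAL_IP, 9999, "10.0.0.1"),
    PublishRule("Internal RDP Server", EXTERNAL_IP, 8888, "10.0.0.2"),
]
# Constructed counter-case: both servers published on the default port.
SAME_PORT_RULES = [r._replace(external_port=RDP_DEFAULT_PORT) for r in PAGE_RULES]

if __name__ == "__main__":
    for label, rules in (("page", PAGE_RULES), ("same-port", SAME_PORT_RULES)):
        print(label, *audit(rules), sep="\n  ")
```
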
 
LVL 3

Expert Comment

by:Julian_C
ID: 11961864
So, did you get anywhere with this?

Cheers
Julian
0
