Access Security DVR from Behind ISA 2004 Over the Internet - Having Major Troubles!!!

Posted on 2006-05-11
Last Modified: 2013-11-16
My question is as follows:

We have a security camera DVR setup on our LAN  ip:  Can access it over the LAN No Problems.

SBS 2003 Server with 2 nics  Running ISA 2004

DVR ( - SBS Box/ISA 2004 ( - Router(Linksys) - ASDL Modem - Netopia - Internet

I want to be able to have access from the internet back into the DVR to view Remotely - I would like it to be on a port that would redirect to the DVR on the Lan

Everfocus ESDR900F DVR access is via web browser locally open and works fine.

How do I set this up to say come in from the internet to and have that forward through ISA to the DVR box and have it work with ISA to relay the information back out to the client who is trying to view the DVR?

XXXX = any port that we assign to forward to the internal DVR address on the LAN

Also the DVR needs certain ports open to work properly -
They List:

80, 1111, 2222, 3333, 4444, 6666

Can this be done in ISA 2004 and how to go about resolving the issue?

I'm guessing that some sort of redirect has to take place?

I'm guessing some sort of Protocol Rules?

I'm guessing some sort of Webserver Rules?

Please advise as we are stuck on this issue and do not know how to resolve

Question by:Wojohowitz
    LVL 4

    Expert Comment

    Hey Wojohowitz :-)

    The best solution is to just use Remote Web Workplace, Connect to a Client Desktop (or server) and type - done.

    The hard and NOT safe way is to publish everything in ISA.  Click on Firewall Policy then Publish a Webserver to forward port 80 traffic to .  Then you would have to publish all the other ports (1111, 2222, 3333, 4444, 6666) under Create New Server Publishing Rule.

    You would then have to re-run the famous CEICW and open up port 80 as well under firewall - and this is where the problems would start.  BACKUP!!!

    Note - if your company is hosting its website or SBS is using port 80 you cannot do this on SBS/ISA.  The website needs to be on port :80 @ on the SBS Server - if you move port 80 to it would break.

    Additionally, you have a weird setup if you are using 2 nics and a Linksys rotuer above that.  The Linksys would need all the ports open as well  80, 1111, 2222, 3333, 4444, 6666 (much easier than in ISA though!)

    As a security admin and SBS Specialist I would NOT do this.  Opening Port 80 is a bad idea on SBS.  Use the Remote Web Workplace via the VPN



    Author Comment


    I forgot to mention that I could change the http 80 on the DVR to anything I choose - example 9090 etc....

    If I do that would that solve the port 80 problem to the DVR

    So could I just re-route the traffic that comes into say our and have it point to the DVR machine on the LAN?

    1 NIC for LAN    

    1 NIC for WAN

    ISA Locks everything up as far as I can tell,  how would I do that redirect so that when I put in it would send it on to the right machine on SBS.

    and on ISA would the 1111,2222,3333,4444,6666 be an inbound TCP or outbound TCP Rule

    Thanks for taking a crack at this for me.


    LVL 4

    Expert Comment

    Yup, and create the new ports and rules for Inbound.

    I would use 1110,1111 and forward to (then test - if needed open 2222,3333...)

    The more I think about this you could also just make a VPN connection and hit - no RWW needed!

    If you have a Linksys above the WAN nic you have to open the ports there as well.  You probably have UPnP turned on and have just been getting lucky so far as the CEICW has been modifying it.  On the Linksys you would now have to open 1110,1111 and forward to SBS ( and then SBS would forward to

    Author Comment


    I guess my question i as follows:

    How or where to create the new ports in ISA or SBS and then how to configure the rules? and then how to forward the initial request to

    and does it matter what port?

    Don't want to use the VPN for access

    LVL 4

    Accepted Solution

    Dude you're scarring me now - Microsoft ISA Server Management ...START> ALL PROGRAMS> Micrsosoft ISA Server  *Go here and spend 8-24 hours 1st...

    Like above "Click on Firewall Policy (left) then Create New Server Publishing Rule - feed it the data, ports and IP you want.  Stay away from ports SBS uses (25,80,443,444,3389,4125)

    And don't forget to opne those ports in the lInksys above SBS.

    The VPN is the better way.  Just download the Connection Manager in SBS .  Go to https://sbserver/Remote

    Good luck...

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free camera licenses with purchase of My Cloud NAS

    Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

    Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
    Let’s list some of the technologies that enable smooth teleworking. 
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now