Access Security DVR from Behind ISA 2004 Over the Internet - Having Major Troubles!!!

My question is as follows:

We have a security camera DVR setup on our LAN  ip:  Can access it over the LAN No Problems.

SBS 2003 Server with 2 nics  Running ISA 2004

DVR ( - SBS Box/ISA 2004 ( - Router(Linksys) - ASDL Modem - Netopia - Internet

I want to be able to have access from the internet back into the DVR to view Remotely - I would like it to be on a port that would redirect to the DVR on the Lan

Everfocus ESDR900F DVR access is via web browser locally open and works fine.

How do I set this up to say come in from the internet to and have that forward through ISA to the DVR box and have it work with ISA to relay the information back out to the client who is trying to view the DVR?

XXXX = any port that we assign to forward to the internal DVR address on the LAN

Also the DVR needs certain ports open to work properly -
They List:

80, 1111, 2222, 3333, 4444, 6666

Can this be done in ISA 2004 and how to go about resolving the issue?

I'm guessing that some sort of redirect has to take place?

I'm guessing some sort of Protocol Rules?

I'm guessing some sort of Webserver Rules?

Please advise as we are stuck on this issue and do not know how to resolve

Who is Participating?
Dude you're scarring me now - Microsoft ISA Server Management ...START> ALL PROGRAMS> Micrsosoft ISA Server  *Go here and spend 8-24 hours 1st...

Like above "Click on Firewall Policy (left) then Create New Server Publishing Rule - feed it the data, ports and IP you want.  Stay away from ports SBS uses (25,80,443,444,3389,4125)

And don't forget to opne those ports in the lInksys above SBS.

The VPN is the better way.  Just download the Connection Manager in SBS .  Go to https://sbserver/Remote 

Good luck...
Hey Wojohowitz :-)

The best solution is to just use Remote Web Workplace, Connect to a Client Desktop (or server) and type - done.

The hard and NOT safe way is to publish everything in ISA.  Click on Firewall Policy then Publish a Webserver to forward port 80 traffic to .  Then you would have to publish all the other ports (1111, 2222, 3333, 4444, 6666) under Create New Server Publishing Rule.

You would then have to re-run the famous CEICW and open up port 80 as well under firewall - and this is where the problems would start.  BACKUP!!!

Note - if your company is hosting its website or SBS is using port 80 you cannot do this on SBS/ISA.  The website needs to be on port :80 @ on the SBS Server - if you move port 80 to it would break.

Additionally, you have a weird setup if you are using 2 nics and a Linksys rotuer above that.  The Linksys would need all the ports open as well  80, 1111, 2222, 3333, 4444, 6666 (much easier than in ISA though!)

As a security admin and SBS Specialist I would NOT do this.  Opening Port 80 is a bad idea on SBS.  Use the Remote Web Workplace via the VPN


WojohowitzAuthor Commented:

I forgot to mention that I could change the http 80 on the DVR to anything I choose - example 9090 etc....

If I do that would that solve the port 80 problem to the DVR

So could I just re-route the traffic that comes into say our and have it point to the DVR machine on the LAN?

1 NIC for LAN    

1 NIC for WAN

ISA Locks everything up as far as I can tell,  how would I do that redirect so that when I put in it would send it on to the right machine on SBS.

and on ISA would the 1111,2222,3333,4444,6666 be an inbound TCP or outbound TCP Rule

Thanks for taking a crack at this for me.


Yup, and create the new ports and rules for Inbound.

I would use 1110,1111 and forward to (then test - if needed open 2222,3333...)

The more I think about this you could also just make a VPN connection and hit - no RWW needed!

If you have a Linksys above the WAN nic you have to open the ports there as well.  You probably have UPnP turned on and have just been getting lucky so far as the CEICW has been modifying it.  On the Linksys you would now have to open 1110,1111 and forward to SBS ( and then SBS would forward to
WojohowitzAuthor Commented:

I guess my question i as follows:

How or where to create the new ports in ISA or SBS and then how to configure the rules? and then how to forward the initial request to

and does it matter what port?

Don't want to use the VPN for access

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.