ISA 2004 issues with remote desktop connecting through LAN
Posted on 2006-05-17
I am running ISA server as an Internet gateway to two local LAN's. I have multiple external IPs terminating on the Public NIC of the ISA server. And two local subnets running on two other NICs in the ISA server. Both these local LAN's have the IP of the ISA server NIC they are connected to as their default gateway ie 192.168.1.253 and 192.168.2.253
I can easily route all incoming traffic such as SMTP, POP, remote desktop etc based on the incoming IP to the correct servers on either of the two local LAN's. That works fine. I can also remote desktop locally to any of the other servers in either of the two subnets. But locally from either of the two local LANs I am completely unable to remote desktop into the ISA server itself. I get a client could not connect error. It would seem to me that this should be a fairly simple problem and i keep looking at the way I have set it up and wonder why it doesn’t work! But here is what I have done anyway.
I have created an access rule"
"Allow" "rdp terminal services" and "rdp terminal services server" FROM "all networks and local host" TO "all networks and local host".
Then I created a server publishing rule:
"allow" "rdp terminal services server" FROM "Anywhere" TO, I have tried the local IP's that the ISA servers NICS are configured to such as 192.168.1.253 and 192.168.2.253 and I have tried 127.0.0.1. none seem to work. I have also tried both settings such as "requests appear to come from original client" or "requests appear to come from ISA server" Since I am only trying to connect locally the choice to have the requests appear to come from the original client makes most sense to me but I do not know which setting is correct in this case. Then for networks to listen on I chose “internal and local host”.
I get no errors in the monitoring window after applying these setting and yet if I try locally when connected to either local LAN and connect remote desktop to 192.168.1.253 or 192.168.2.253 it will not connect! I also cannot telnet to port 3389 on the ISA server from either of the two LAN's. I have also double checked that remote desktop is on.
Please help me resolve this issue! It might be something very simple I have missed and am doing wrong or I might be going about this in completely the wrong way! Either way I’m happy for any help and advice!