Solved

Allow RDP to tunnel from internal to external network through ISA 2006 proxy server?

Posted on 2008-06-17
6
839 Views
Last Modified: 2013-11-21
I have an ISA 2006 proxy server which internal users must go through to gain access to external/ internet resources. Since I implemented the server, internal users are unable to connect to RDP via web connections to external servers. I have modified the rule for internet access to allow the RDP protocol but this hasn't resolved it.

Looking further into it I understand that when you connect to a web RDP server, it simply downloads the ActiveX Terminal Services client and then tries to connect you as standard via 3389 to the server. I think this is where my trouble lies as by default the client machine will only direct port 21, 80 & 443 traffic to the ISA server. THis being the case, the 3389 connection is attempted directly from the client machine and hence, fails as the client machine has no direct internet access.

Is there any way I can get the RDP connection out through the proxy server? Or is there no other way than to bypass the proxy server for this whole process?

Feel free to ask me any more questions, thanks for your time!
0
Comment
Question by:bermyman
  • 2
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Nyah247
ID: 21815689
Setup a live monitoring session for a single test workstation on ISA and attempt to access your RDP site.  What does the monitor say is being denied?  
0
 

Author Comment

by:bermyman
ID: 21815849
I setup live monitoring to check. I see the connections being made initially up to the point where it gets to the activex terminal services client. It's at this point that it'll begin using the TS client, which the proxy will have no record of as it's straight out port 3389.

So all live monitoring sees is the connections up to the point where the active-x control comes down. The client machine makes a separate connection to the TS server from here on - which is completely unbeknownst to the proxy as the client machine will only send ports 80,443 and 21 to the proxy.

The more I think about this the more I'm becoming convinced it's impossible. Thanks for helping though!
0
 

Author Comment

by:bermyman
ID: 21857384
Just for anyone else looking for the same solution, I think it's probably impossible to encapsulate any RDP still through 80 or 443 and telling client machines to proxy 3389 also appears impossible. The more I think about it the more i'm convinced that perhaps my expectations of the proxy server being an all singing and dancing gateway for all users were misguided. It handles the majority of web traffic fine but any FTP or RDP stuff needs to be punched through the firewall directly.

Unless anyone else has any ideas? I'll leave the question open just in case...
0
 
LVL 6

Accepted Solution

by:
Nyah247 earned 500 total points
ID: 21904059
This article may be worth a look-see:  http://www.isaserver.org/articles/2004pubts.html  Note...there is now a product made by Collective Software called ClearTunnel which will allow ISA to analyze SSL content.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now