Solved

Cannot RDP to ISA server from external connection.

Posted on 2009-04-12
8
765 Views
Last Modified: 2012-05-06
Windows SBS 2003 has ISA installed, and used to route RDP requests to a terminal server.  I would like to provide remote access directly to the SBS server instead now.  The router IP is 10.0.0.1, the external NIC on the SBS is 10.0.0.253 (internal is 192.168... but not used anymore).  In the router, I enable RDP to 10.0.0.253 (port 3389).  Yet I cannot RDP to the server from an external connection.  Even if I stop the ISA and Windows Firewall services, I still cannot RDP to to the server from an external connection.  Internal RDP connections work fine if I plug in to the 192.168.... line.  What is preventing me from RDPing to the SBS server?  
0
Comment
Question by:RadRichie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 12

Expert Comment

by:coredatarecovery
ID: 24127252
The external nic at 10.0.0.253 is an internal address.

You MUST forward your External packets for port 3389 on the physical Internet address side of the firewall to your 10.0.0.253 internal address.

Can you log into your firewall device?
0
 
LVL 12

Expert Comment

by:coredatarecovery
ID: 24127623
you need to add a pass thru for port 3389 in your firewall to forward your packets to your internal ip address of the server.

10.x.x.x is a private address.

If you need you IP address http://www.coredatarecovery.com/ip.shtml will echo back your IP address

This is the IP address (Once the pass thru is setup that will be used from outside to access the rdp)

you can check your connection with a port scan from the web at www.grc.com

0
 
LVL 1

Author Comment

by:RadRichie
ID: 24129231
The router advanced settings have RDP mapped to 10.0.0.253, the "external" IP from ISA's perspective.
If I turn off the MIcrosoft firewall service, I can RDP from the server to itself (10.0.0.253), but not to it from an external line.  
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 
LVL 1

Author Comment

by:RadRichie
ID: 24129474
This is fixed.  ISA server had one of many RDP rules that mapped RDP to the old terminal server.  Once the IP address in that rule was changed to the SBS, RDP from external worked fine.
0
 
LVL 12

Expert Comment

by:coredatarecovery
ID: 24129821
Very Cool.
0
 
LVL 12

Expert Comment

by:coredatarecovery
ID: 24129878
I'm glad to have been of service to you.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 25216760
Question PAQ'd, 300 points refunded, and stored in the solution database.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question