vpn to external network ISA 2006 problem with RDP, VNC

Hi,

I have a network where everything is running under Win 2003, and as a firewall I have ISA 2006. I set up a VPN connection with a different network and everything works fine: I connected, I can see shared files, I can ping all PCs, but I can't connect to Remote Desktop or VNC, and I need to type the FQDN.
`ping server` is not working, but `ping server.domain.local` is working fine.
I have a rule that passes all traffic from the PC to external and from external to that PC.
In the ISA logs I only see initiated connection and closed connection. In my opinion I shouldn't see anything, as I have a VPN to that destination.
 
gowermanAsked:
 
Raj-GTSystems EngineerCommented:
You mentioned setting up a VPN connection with a different network! Anyway, since you are launching the VPN connection from behind ISA, the policies you have should not take any effect. Everything should be routed through the tunnel from your PC to the external network. Do you have the ISA Firewall Client on your PC by any chance?
0
 
Raj-GTSystems EngineerCommented:
1. The DNS suffix issue you were having is the expected behaviour. You have to add the remote subnet's DNS suffix as a search suffix to your network clients if you want to use the hostname to connect to the remote hosts.
Manual Method - http://www.simpledns.com/kb.aspx?kbid=1231
Group Policy - http://myitkb.net/2356

2. To allow all traffic to/from the VPN network, create a new firewall policy and allow "all outbound traffic" from "internal and vpn network" to "internal and vpn network" for "all users"; move this policy to the top of the policies and test again.

Thanks,
Nimal
0
 
gowermanAuthor Commented:
That rule doesn't help. I opened all traffic on all networks before and it was still the same.
0
 
Raj-GTSystems EngineerCommented:
Is your rule allowing "All users" or "All authenticated users" access? Can you upload a screenshot of the rule please?
0
 
gowermanAuthor Commented:
ALL users
0
 
Raj-GTSystems EngineerCommented:
Are you using the FQDN to connect to RDP/VNC?
Do you have any client firewall installed on the remote site?
Can you check the policies on the remote network to see if it's allowing RDP traffic through?
0
 
Hisham_ElkouhaCommented:
It seems that your ISA is not a member of the domain... is that right?

If so, try to join it, or at least disable the RPC Filter in the ISA add-ons.

Also always add Local Host to the network sets.

Make sure you enable Remote Desktop on the client you want to connect to.

About VNC, you have to add a special rule for VNC... have a look at this thread: http://www.experts-exchange.com/Microsoft/Windows_Security/Q_21775220.html

Good Luck
0
 
gowermanAuthor Commented:
"Can you check the policies on the remote network to see if it's allowing RDP traffic through?"
Where can I find that?
I can use VNC and RDP when I connect to the destination network from home, but not from work. The firewall in the office is ISA, which is why I think it's causing the problems.

ISA is a domain member.

I disabled RPC but this doesn't change anything.

I was using server.domain.local and the IP address to connect; same result for both of them.
0
 
Raj-GTSystems EngineerCommented:
It depends on what firewall you are using at the remote end. When you connect from home, you will be using a remote dial in profile which might be using a different security/access-list to a site-to-site vpn profile when you connect through ISA.
0
 
gowermanAuthor Commented:
I don't use site-to-site VPN. I just dial in to the client location, and after I establish the VPN connection I want to connect to Remote Desktop, and that is not working.
0
 
gowermanAuthor Commented:
Yes, it was the ISA Firewall Client. Simple.

Thanks
0
Question has a verified solution.
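
The thread mixes two separate symptoms: the short name `server` not resolving without a DNS search suffix, and RDP/VNC failing even though ping succeeds. The following is an added example, not code from any poster in the thread, that checks them independently; the function names, the simplified suffix-search model, the sample zone and the use of the default ports 3389 and 5900 are assumptions made for illustration.

```python
import socket

RDP, VNC = 3389, 5900  # default TCP ports for Remote Desktop and VNC

def candidate_names(host, search_suffixes):
    """Simplified model of suffix search: a single-label name is tried with
    each search suffix in order; a name containing a dot is tried as given."""
    host = host.rstrip(".")
    if "." in host:
        return [host]
    return [f"{host}.{s.strip('.')}" for s in search_suffixes]

def resolve_first(host, search_suffixes, resolver=socket.gethostbyname):
    """Return (name, ip) for the first candidate that resolves, else (None, None)."""
    for name in candidate_names(host, search_suffixes):
        try:
            return name, resolver(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            continue
    return None, None

def tcp_open(ip, port, timeout=3.0):
    """True if a full TCP handshake to ip:port completes. Ping cannot show this."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(host, search_suffixes, ports=(RDP, VNC), resolver=socket.gethostbyname):
    """Separate the thread's two symptoms: name lookup versus TCP reachability."""
    name, ip = resolve_first(host, search_suffixes, resolver)
    if ip is None:
        return {"resolved": None, "ports": {}, "verdict": "name-resolution"}
    ports_state = {p: tcp_open(ip, p) for p in ports}
    verdict = "ok" if all(ports_state.values()) else "tcp-unreachable"
    return {"resolved": name, "ports": ports_state, "verdict": verdict}

if __name__ == "__main__":
    # Constructed data: only the FQDN from the question resolves.
    zone = {"server.domain.local": "127.0.0.1"}
    def lookup(name):
        if name not in zone:
            raise socket.gaierror(f"{name} not found")
        return zone[name]
    print(triage("server", [], resolver=lookup))                # no suffix configured
    print(triage("server", ["domain.local"], resolver=lookup))  # suffix added
```

A `tcp-unreachable` verdict while ping and file shares work points at something in the TCP path on the client or between the two networks rather than at routing; in this thread that turned out to be the ISA Firewall Client.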
