Solved

vpn to external network  ISA 2006 problem with RDP, VNC

Posted on 2009-05-11
Last Modified: 2013-11-21
Hi,

I have a network where everything is running under Win 2003; as the firewall I have ISA 2006. I set up a VPN connection to a different network and everything works fine: I connected, I can see shared files and I can ping all PCs, but I can't connect to Remote Desktop or VNC, and I need to type the FQDN.
ping server is not working, but ping server.domain.local is working fine.
I have a rule that passes all traffic from the PC to external and from external to that PC.
In the ISA logs I only see an initiated connection and a closed connection. In my opinion I shouldn't see anything, as I have a VPN to that destination.
 
0
Question by:gowerman
11 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24354436
1. The DNS suffix issue you were having is the expected behaviour. You have to add the remote subnet's DNS suffix as a search suffix to your network clients if you want to use the hostname to connect to the remote hosts.
Manual Method - http://www.simpledns.com/kb.aspx?kbid=1231
Group Policy - http://myitkb.net/2356

2. To allow all traffic to/from the VPN network, create a new firewall policy and allow "all outbound traffic" from "internal and vpn network" to "internal and vpn network" for "all users"; move this policy to the top of the policies and test again.

Thanks,
Nimal
0
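An added example, not part of any post in this thread: a small check that separates the two symptoms discussed here, a short name that fails to resolve without a DNS search suffix and an RDP (3389) or VNC (5900) port that cannot be reached once the name resolves. The function names `candidates` and `diagnose`, the simplified search-list model and the sample host and address are assumptions made for illustration.

```python
import socket

def candidates(name, search_suffixes):
    """Names to try for `name`: an unqualified name gets each search suffix
    appended, then is tried bare (simplified model of a stub resolver)."""
    name = name.rstrip(".")
    if "." in name:                      # already qualified: try it as given
        return [name]
    return [f"{name}.{s.strip('.')}" for s in search_suffixes] + [name]

def diagnose(name, search_suffixes, ports=(3389, 5900),
             resolve=socket.gethostbyname, connect=socket.create_connection,
             timeout=3):
    """Tell a name-resolution failure apart from an unreachable RDP/VNC port."""
    report = {"resolved_as": None, "address": None, "ports": {}}
    for fqdn in candidates(name, search_suffixes):
        try:
            report["address"] = resolve(fqdn)
            report["resolved_as"] = fqdn
            break
        except OSError:                  # socket.gaierror is an OSError
            continue
    if report["address"] is None:        # nothing resolved: a DNS suffix problem
        return report
    for port in ports:
        try:
            connect((report["address"], port), timeout).close()
            report["ports"][port] = "open"
        except OSError:                  # refused, timed out or filtered
            report["ports"][port] = "unreachable"
    return report

if __name__ == "__main__":
    # Constructed stand-ins so the demo runs offline; drop the resolve= and
    # connect= arguments to test a real host over the VPN.
    def demo_resolve(fqdn):
        if fqdn == "server.domain.local":
            return "10.0.0.5"            # constructed address
        raise socket.gaierror("name not found")

    def demo_connect(addr, timeout):
        raise ConnectionRefusedError("constructed: port not reachable")

    print(diagnose("server", [], resolve=demo_resolve, connect=demo_connect))
    print(diagnose("server", ["domain.local"],
                   resolve=demo_resolve, connect=demo_connect))
```
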
 

Author Comment

by:gowerman
ID: 24355449
That rule doesn't help. I opened all traffic on all networks before and it was still the same.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24355719
Is your rule allowing "All users" or "All authenticated users" access? Can you upload a screenshot of the rule please?
0
 

Author Comment

by:gowerman
ID: 24355903
ALL users
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24356077
Are you using the FQDN to connect to RDP/VNC?
Do you have any client firewall installed on the remote site?
Can you check the policies on the remote network to see if it's allowing RDP traffic through?
0

 
LVL 6

Expert Comment

by:Hisham_Elkouha
ID: 24359051
It seems that your ISA is not a member of the domain... is that right?

If so, try to join it, or at least disable the RPC Filter in the ISA Add-ons.

Also, always add Local Host to the network sets.

Make sure you enable Remote Desktop on the client you want to connect to.

About VNC, you have to add a special rule for VNC... have a look at this thread: http://www.experts-exchange.com/Microsoft/Windows_Security/Q_21775220.html

Good Luck
0
 

Author Comment

by:gowerman
ID: 24361797
"Can you check the policies on the remote network to see if it's allowing RDP traffic through?"
Where can I find that?
I can use VNC and RDP when I connect to the destination network from home, but not from work. As the firewall in the office I have ISA; that's why I think it makes problems.

ISA is a domain member.

I disabled RPC but this doesn't change anything.

I was using server.domain.local and the IP address to connect; same result for both of them.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24362303
It depends on what firewall you are using at the remote end. When you connect from home, you will be using a remote dial in profile which might be using a different security/access-list to a site-to-site vpn profile when you connect through ISA.
0
 

Author Comment

by:gowerman
ID: 24363804
I don't use site-to-site VPN. I just dial in to the client location, and after I establish the VPN connection I want to connect to Remote Desktop, and that is not working.
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 24364090
You mentioned setting up a VPN connection with a different network! Anyway, since you are launching the VPN connection from behind ISA, the policies you have should not take any effect. Everything should be routed through the tunnel from your PC to the external network. Do you have ISA Firewall Client on your PC by any chance?
0
 

Author Closing Comment

by:gowerman
ID: 31580059
Yes, it was the ISA Firewall Client. Simple.

Thanks
0
