Solved

vpn to external network  ISA 2006 problem with RDP, VNC

Posted on 2009-05-11
Last Modified: 2013-11-21
Hi,

I have a network where everything runs under Windows 2003, and as a firewall I have ISA 2006. I set up a VPN connection to a different network and everything works fine: I am connected, I can see shared files and I can ping all PCs, but I can't connect to Remote Desktop or VNC, and I need to type the FQDN.
"ping server" is not working but "ping server.domain.local" is working fine.
I have a rule that passes all traffic from the PC to external and from external to that PC.
In the ISA logs I only see initiated connection and closed connection. In my opinion I shouldn't see anything, as I have a VPN to that destination.
 
Question by:gowerman
11 Comments
 
LVL 15

Expert Comment

by:Raj-GT
ID: 24354436
1. The DNS suffix issue you were having is the expected behaviour. You have to add the remote subnet's DNS suffix as a search suffix to your network clients if you want to use the hostname to connect to the remote hosts.
Manual Method - http://www.simpledns.com/kb.aspx?kbid=1231
Group Policy - http://myitkb.net/2356

2. To allow all traffic to/from the VPN network, create a new firewall policy and allow "all outbound traffic" from "internal and vpn network" to "internal and vpn network" for "all users"; move this policy to the top of the policies and test again.

Thanks,
Nimal
0
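As an added illustration (not part of the thread or any poster's code), this simplified Python model of a DNS suffix search list shows why the short name fails while the FQDN resolves, and why suffix order matters once the remote suffix is added. The zone records, the `office.local` suffix and the addresses are constructed for the example; other Windows name-resolution fallbacks such as NetBIOS are ignored.

```python
# Simplified model of how a client expands a hostname with its DNS suffix
# search list. All records, suffixes and addresses below are constructed.

# Records the DNS servers would answer for (remote site uses domain.local).
ZONE = {"server.domain.local": "192.168.50.10"}

def candidates(name, search_list):
    """Return the FQDNs tried, in order, for the name the user typed."""
    if name.endswith("."):              # trailing dot: fully qualified, no suffixing
        return [name.rstrip(".")]
    tries = []
    if "." in name:                     # multi-label name is tried as typed first
        tries.append(name)
    tries += [f"{name}.{suffix}" for suffix in search_list]
    return tries

def resolve(name, search_list, zone):
    """Return (fqdn, address) for the first candidate with a record, else None."""
    for fqdn in candidates(name, search_list):
        address = zone.get(fqdn.lower())
        if address:
            return fqdn, address
    return None

if __name__ == "__main__":
    local_only = ["office.local"]                  # hypothetical local suffix
    with_remote = ["office.local", "domain.local"]  # remote suffix appended

    # Short name: only server.office.local is tried, so the lookup fails.
    print(resolve("server", local_only, ZONE))
    # FQDN: tried as typed, so it resolves without any search suffix.
    print(resolve("server.domain.local", local_only, ZONE))
    # After adding the remote suffix, the short name resolves.
    print(resolve("server", with_remote, ZONE))

    # Caveat: a same-named local host shadows the remote one, because the
    # first suffix in the list that produces an answer wins.
    shadowed = dict(ZONE, **{"server.office.local": "10.0.0.5"})
    print(resolve("server", with_remote, shadowed))
```

When a short name exists in both domains, use the FQDN for RDP/VNC targets so the connection goes to the intended host.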
 

Author Comment

by:gowerman
ID: 24355449
That rule doesn't help. I opened all traffic on all networks before and it was still the same.
0
 
LVL 15

Expert Comment

by:Raj-GT
ID: 24355719
Is your rule allowing "All users" or "All authenticated users" access? Can you upload a screenshot of the rule please?
0

 

Author Comment

by:gowerman
ID: 24355903
ALL users
0
 
LVL 15

Expert Comment

by:Raj-GT
ID: 24356077
Are you using the FQDN to connect to RDP/VNC?
Do you have any client firewall installed on the remote site?
Can you check the policies on the remote network to see if it's allowing RDP traffic through?
0
 
LVL 6

Expert Comment

by:Hisham_Elkouha
ID: 24359051
It seems that your ISA is not a member of the domain... is that right?

If so, try to join it, or at least disable the RPC Filter in the ISA Add-ons.

Also, always add Local Host to the network sets.

Make sure you enable Remote Desktop on the client you want to connect to.

About VNC, you have to add a special rule for VNC... have a look at this thread: http://www.experts-exchange.com/Microsoft/Windows_Security/Q_21775220.html

Good Luck
0
 

Author Comment

by:gowerman
ID: 24361797
Can you check the policies on the remote network to see if it's allowing RDP traffic through?
Where can I find that?
I can use VNC and RDP when I connect to the destination network from home but not from work, as the firewall in the office is ISA; that's why I think it's causing problems.

ISA is a domain member.

I disabled RPC but this doesn't change anything.

I was using server.domain.local and the IP address to connect; same result for both of them.
0
 
LVL 15

Expert Comment

by:Raj-GT
ID: 24362303
It depends on what firewall you are using at the remote end. When you connect from home, you will be using a remote dial in profile which might be using a different security/access-list to a site-to-site vpn profile when you connect through ISA.
0
 

Author Comment

by:gowerman
ID: 24363804
I don't use site-to-site VPN. I just dial in to the client location, and after I establish the VPN connection I want to connect to remote desktop, and that is not working.
0
 
LVL 15

Accepted Solution

by:
Raj-GT earned 2000 total points
ID: 24364090
You mentioned setting up a VPN connection with a different network! Anyway, since you are launching the VPN connection from behind ISA, the policies you have should not take any effect. Everything should be routed through the tunnel from your PC to the external network. Do you have the ISA Firewall Client on your PC by any chance?
0
 

Author Closing Comment

by:gowerman
ID: 31580059
Yes, it was the ISA Firewall Client. Simple.

Thanks
0

Question has a verified solution.
