gowerman
asked on
vpn to external network ISA 2006 problem with RDP, VNC
Hi,
I have network everything is running under win 2003 as firewall I have ISA 2006, I setup VPN connection with different network everything works fine i connected i can see shared files, i can ping all PC's but i can't connect to remote desktop, VNC and i need to type FQDN
ping server is not working but ping server.domain.local is working fine
I have rule that pass all traffic from pc to external and from external to that pc
In ISA logs I only see initiated connection and closed connection. In my opinion I shouldn't see nothing as I have vpn to that destination.
I have network everything is running under win 2003 as firewall I have ISA 2006, I setup VPN connection with different network everything works fine i connected i can see shared files, i can ping all PC's but i can't connect to remote desktop, VNC and i need to type FQDN
ping server is not working but ping server.domain.local is working fine
I have rule that pass all traffic from pc to external and from external to that pc
In ISA logs I only see initiated connection and closed connection. In my opinion I shouldn't see nothing as I have vpn to that destination.
ASKER
dosen't help that rule i opened before all trafic on all networks and still was the same
Is your rule allowing "All users" or "All authenticated users" access? Can you upload a screenshot of the rule please?
ASKER
ALL users
Are you using the FQDN to connect to RDP/VNC?
Do you have any client firewall installed on the remote site?
Can you check the policies on the remote network to see if it's allowing RDP traffic through?
Do you have any client firewall installed on the remote site?
Can you check the policies on the remote network to see if it's allowing RDP traffic through?
It seems to be that your ISA in not a member of the domain... is that right?
if so , try to join it or at least disable RPC Filter in the ISA Add-ons.
Also always add Local Host to the network sets.
Make sure you enable the remote desktops to the client you want to connect.
About the VNC , you have to add a special rule for VNC ... have a look on this thread https://www.experts-exchange.com/questions/21775220/How-to-setup-ISA-Server-2004-for-Real-VNC.html
Good Luck
if so , try to join it or at least disable RPC Filter in the ISA Add-ons.
Also always add Local Host to the network sets.
Make sure you enable the remote desktops to the client you want to connect.
About the VNC , you have to add a special rule for VNC ... have a look on this thread https://www.experts-exchange.com/questions/21775220/How-to-setup-ISA-Server-2004-for-Real-VNC.html
Good Luck
ASKER
Can you check the policies on the remote network to see if it's allowing RDP traffic through?
where I can find that
I can use vnc and rdp when I connect to destination network from home but not from work as Firewall in office i have isa thats way i think it's make problems.
ISA is domain member
I disabled RPC but this dosen't change nothing
I was using server.domain.local and ip address to connect same result for bought of them
where I can find that
I can use vnc and rdp when I connect to destination network from home but not from work as Firewall in office i have isa thats way i think it's make problems.
ISA is domain member
I disabled RPC but this dosen't change nothing
I was using server.domain.local and ip address to connect same result for bought of them
It depends on what firewall you are using at the remote end. When you connect from home, you will be using a remote dial in profile which might be using a different security/access-list to a site-to-site vpn profile when you connect through ISA.
ASKER
I don't use site to site vpn I just dial in to client location and after i esablish vpn connection i want to connect to remote desktop and that is not working.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes it was ISA firewall client. simple.
Thanks
Thanks
Manual Method - http://www.simpledns.com/kb.aspx?kbid=1231
Group Policy - http://myitkb.net/2356
2. To allow all traffic to/from the VPN network, create a new firewall policy and allow "all outbound traffic" from "internal and vpn network" to ""internal and vpn network" for "all users"; move this policy to be the top of the policies and test again.
Thanks,
Nimal