Solved

Terminal Server access through ISA 2006

Posted on 2010-08-17
5
538 Views
Last Modified: 2013-11-21
Hi Guys,

I configured a terminal server on a Windows 2003 box, all went well and the terminal server is accessible over the LAN.  However, I am trying to configure the ISA firewall to allow connections from the internet, but I keep getting log entry, ACTION:  "denied connection" for the new ISA rule I created for TS.

I created an Access Rule in ISA with source:  "the Internet" and destination:  "IP that of the terminal server".

With RDP port enabled "outbound".  
When I change to "inbound" no log entries appear, and access to the TS still fails.
0
Comment
Question by:Rupert Eghardt
  • 3
  • 2
5 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 33461576
Need to publish the RDP service using a non-web-server publishing rule instead of an access rule to cover the RDP traffic that is initiated from the Internet and is inbound.
An access rule for RDP from internal to external will cover RDP traffic that is initiated from the internal network
0
 

Author Comment

by:Rupert Eghardt
ID: 33461948
Thanks keith, could you perhaps just explain why an access rule won't work, and the reason why a non-web-server "PUBLISHING" rule is required?   What is the general consensus regarding the use of "access rule" v/s "non-web-server publishing rule".

0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 33469061
An access rule is traditionally used for outbound connections i.e. traffic leaving a network that is more secure than the network to which the traffic is destined.
A publishing rule is used to create a 'fronting' connection point for a service that is hosted on a network that is considered by ISA or FTMG as more secure than the requesting device.

I have indicated a non-web-server publishing rule on the assumption that you are using port 3389, the traditional Terminal Services port. Port 3389 is not a proxyable protocol therefore would use a non web-server publishing rule. If you are using TS Gateway over port 443 then you would use a web publishing rule.

If the relationship between two interfaces defined within ISA or FTMG is routed rather than natted then access rules can be used but require to be made in both directions - one for each outbound traffic flow.
0
 

Author Comment

by:Rupert Eghardt
ID: 33472803
Thanks Keith,

I'ts working.  I just had to tick the box for "Requests appear to come from the ISA server computer.

* I believe, if we want to publish TSWEB for the terminal server access, we will have to create a "web-publishing" rule instead?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33472823
Correct
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Wireshark 7 53
WAN IP Conflict on Sonicwall 5 58
how to access my server 9 28
Slow internet - due to unknown uploads 9 58
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now