Solved

Terminal Server access through ISA 2006

Posted on 2010-08-17
Last Modified: 2013-11-21
Hi Guys,

I configured a terminal server on a Windows 2003 box; all went well and the terminal server is accessible over the LAN. However, I am trying to configure the ISA firewall to allow connections from the internet, but I keep getting the log entry ACTION: "denied connection" for the new ISA rule I created for TS.

I created an Access Rule in ISA with source:  "the Internet" and destination:  "IP that of the terminal server".

With RDP port enabled "outbound".  
When I change to "inbound" no log entries appear, and access to the TS still fails.
Question by:Rupert Eghardt

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 33461576
Need to publish the RDP service using a non-web-server publishing rule instead of an access rule to cover the RDP traffic that is initiated from the Internet and is inbound.
An access rule for RDP from internal to external will cover RDP traffic that is initiated from the internal network.

Author Comment

by:Rupert Eghardt
ID: 33461948
Thanks Keith, could you perhaps just explain why an access rule won't work, and the reason why a non-web-server "PUBLISHING" rule is required? What is the general consensus regarding the use of "access rule" vs. "non-web-server publishing rule"?


Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 33469061
An access rule is traditionally used for outbound connections i.e. traffic leaving a network that is more secure than the network to which the traffic is destined.
A publishing rule is used to create a 'fronting' connection point for a service that is hosted on a network that is considered by ISA or FTMG as more secure than the requesting device.

I have indicated a non-web-server publishing rule on the assumption that you are using port 3389, the traditional Terminal Services port. Port 3389 is not a proxyable protocol and therefore would use a non-web-server publishing rule. If you are using TS Gateway over port 443 then you would use a web publishing rule.

If the relationship between two interfaces defined within ISA or FTMG is routed rather than NATed, then access rules can be used but need to be made in both directions, one for each outbound traffic flow.

Author Comment

by:Rupert Eghardt
ID: 33472803
Thanks Keith,

It's working. I just had to tick the box for "Requests appear to come from the ISA server computer".

* I believe, if we want to publish TSWEB for the terminal server access, we will have to create a "web-publishing" rule instead?

Expert Comment

by:Keith Alabaster
ID: 33472823
Correct