Solved

Terminal Server access through ISA 2006

Posted on 2010-08-17
5
592 Views
Last Modified: 2013-11-21
Hi Guys,

I configured a terminal server on a Windows 2003 box, all went well and the terminal server is accessible over the LAN.  However, I am trying to configure the ISA firewall to allow connections from the internet, but I keep getting log entry, ACTION:  "denied connection" for the new ISA rule I created for TS.

I created an Access Rule in ISA with source:  "the Internet" and destination:  "IP that of the terminal server".

With RDP port enabled "outbound".  
When I change to "inbound" no log entries appear, and access to the TS still fails.
0
Comment
Question by:Rupert Eghardt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 33461576
Need to publish the RDP service using a non-web-server publishing rule instead of an access rule to cover the RDP traffic that is initiated from the Internet and is inbound.
An access rule for RDP from internal to external will cover RDP traffic that is initiated from the internal network
0
 

Author Comment

by:Rupert Eghardt
ID: 33461948
Thanks keith, could you perhaps just explain why an access rule won't work, and the reason why a non-web-server "PUBLISHING" rule is required?   What is the general consensus regarding the use of "access rule" v/s "non-web-server publishing rule".

0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 33469061
An access rule is traditionally used for outbound connections i.e. traffic leaving a network that is more secure than the network to which the traffic is destined.
A publishing rule is used to create a 'fronting' connection point for a service that is hosted on a network that is considered by ISA or FTMG as more secure than the requesting device.

I have indicated a non-web-server publishing rule on the assumption that you are using port 3389, the traditional Terminal Services port. Port 3389 is not a proxyable protocol therefore would use a non web-server publishing rule. If you are using TS Gateway over port 443 then you would use a web publishing rule.

If the relationship between two interfaces defined within ISA or FTMG is routed rather than natted then access rules can be used but require to be made in both directions - one for each outbound traffic flow.
0
 

Author Comment

by:Rupert Eghardt
ID: 33472803
Thanks Keith,

I'ts working.  I just had to tick the box for "Requests appear to come from the ISA server computer.

* I believe, if we want to publish TSWEB for the terminal server access, we will have to create a "web-publishing" rule instead?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33472823
Correct
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Know what services you can and cannot, should and should not combine on your server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question