Custom port

I have a ISA 2006 and want to come in on address x.x.x.x:101010 and be fowarded to my PC x.x.x.1, but want to go back out on port 3389.

I do not want to change my PC to listen on port 101010 for RDP.  How can this be configured?

If I make the PC RDP port 101010 it works fine from the outside, but I do not want to do that.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
Create a new protocol for port xxxx that you want the ISA to listen on - remember to select INBOUND TCP, not outbound
Create a non-web-server publishing rule - at the query of which service you want to publish, choose your new protocol. Then click on ports and select the published service (second section down) and type in 3389.

The Isa will now listen on port xxxx and forweard to port 3389 internally.

Job done

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mleidichAuthor Commented:
Do I check external networks and internal networks?
Keith AlabasterEnterprise ArchitectCommented:
Just external
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

mleidichAuthor Commented:
I can see this should be working but it isn't.  Do you need to reboot the ISA?
It doesn't make it to the PC with the rule and it should.
Keith AlabasterEnterprise ArchitectCommented:
No, ISA does not need rebooting. There is nothing else to do apart from ensuring that your external firewall/router is allowing port xxxx through to the ISA in the first place and secondly, making sure external RDP users make the RDP connection using port xxxx
Keith AlabasterEnterprise ArchitectCommented:
mleidichAuthor Commented:
Just one last question, I see someone is already setup on the network with this rule.  When I publish my rule I get this error
 "The Firewall service failed to bind a socket for the server on the ISA Server computer because another process is using the same port. Check if any other process is using the same port, and stop it if necessary"
Can you only have one rule like that?
Only One PC can be seup to come in on a x.x.x.x:xxxx to publish to 3389?
Keith AlabasterEnterprise ArchitectCommented:
Yes - only one instance per external ISA ip address. If you had two external ISA IP addresses then you could set up the same on the second ip address also and so on.
If port xxxx = 4444 currently then you could make a new protocol using tcp port 4445 and publish another instance of RDP using this so you had more than one listening port but on the same IP address.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.