RDP through ISA 2006

Discussion in 'Computer Security' started by HTF, Jun 5, 2010.

  1. HTF

    Hi,

    I installed ISA 2006 on a W2K3 server which is also a DC. When I try to RDP to an XP machine whose default gateway is something other than the ISA server, everything's fine, but when I set the ISA server as the gateway on the XP machine I cannot RDP to it from outside, even though I created an access rule to allow all outbound traffic.
    I can RDP to this machine from inside the network, and also to the ISA server itself, but not from outside.
    The error message below:
    What else should I set?

    Regards
     
    Certifications: A+
  2. Sparky
    Noooooooooooooooooooooo!! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. HTF

    I know, I know :tongue This is just for testing purposes. I can't find out where the problem is; I think I need a break :confused3
     
    Certifications: A+
  4. DC Pr0Mo

    How have you set up the rule to allow rdp?
     
    Certifications: MCDST | BSc Network Computing | 365 Fundamentals
  5. HTF

    I tried 'RDP (Terminal Services)' and also 'RDP (Terminal Services) server'; at the moment it looks like below:
    [IMG]
     
    Certifications: A+
  6. DC Pr0Mo

    You need to publish the client via a Publishing rule if you want to access it from outside the internal network. Create a publishing rule with RDP server as the protocol and the IP address of the client machine.

    If you are already accessing the ISA server via RDP, then you may also have to play around with the ports (similar to port forwarding on a router), as the default RDP port 3389 will be getting used by the ISA server for remote access.

    So you would publish on, say, 3390 but ISA would then pass to the client machine on 3389. Does this make sense?
     
    Last edited: Jun 6, 2010
    Certifications: MCDST | BSc Network Computing | 365 Fundamentals
  7. HTF

    Thanks for the help. My server has only one NIC, so when I chose 'Publish non web-server protocols' I got a warning that one network card is detected and this particular option won't be supported, so I've set up a virtual machine with two NICs, but unfortunately it's still the same issue; something else must also be wrong.

    I also tried to publish a web site but I couldn't because of the same problem (ISA is still filtering the port), so it appears there is also a problem with something else.

    Why is it not applying/recognizing these rules:

    [IMG]

    [IMG]
     
    Last edited: Jun 6, 2010
    Certifications: A+
  8. HTF

    It works now; I forgot about the appropriate settings on the router. But does it mean that it won't work, or that there is no way around to get this working, with a single NIC?

    Edit:

    What are the options to force using the proxy server? If I set a GPO to use the proxy, it's only for Internet Explorer, but when I use Firefox I can browse websites without the proxy server.

    Regards
     
    Last edited: Jun 6, 2010
    Certifications: A+
  9. Bluerinse
    You need two physical NICs for ISA to act as a firewall. Basically, it needs to be between your local network and the Internet, so all traffic going to and from your Internal network to an External network can be examined by ISA.

    So, one NIC would have a private IP address that allows it to communicate with your local network and the other NIC would have a public IP address or be on a different subnet that connects to your Internet gateway.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  10. HTF

    Hello,

    OK, but what are the options to force using the proxy server? If I set a GPO to use the proxy, it's only for Internet Explorer, but when I use Firefox I can browse websites without the proxy server.
     
    Certifications: A+
  11. greenbrucelee
    If you want to use FF through the proxy server you have to manually configure FF through the connections tab and how do I want FF to use the internet.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  12. HTF

    Yes, I know that, but how do I set it so it won't work if I don't configure this, in other words to force using the proxy?
     
    Certifications: A+
  13. greenbrucelee
    Firefox gets its settings from IE, and it will try two ways of connecting to the internet: by normal means and dial-up. You can stop this by going into IE > Tools > never dial a connection.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  14. HTF

    OK, is there a way to automate this a little bit? What if I would like to use this for the whole network, so I won't have to set this on each individual device, like notebooks, iPods etc., and then if any user uses another browser it will simply not work unless he/she points the particular browser to the proxy server using Web Proxy?
     
    Certifications: A+
  15. greenbrucelee
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  16. HTF

    I'm still not quite sure how to force all browsers to use the proxy. I remember one office where I couldn't access websites with Firefox unless I re-installed and exported settings from IE. I'm wondering how they achieved this.
     
    Certifications: A+
  17. Bluerinse
    If your gateway to the internet is the other side of your proxy server, for example ISA, on a different subnet, then you would HAVE to set a proxy server in FF or any application that needs to access the Internet.

    You see with one NIC in your proxy server, your browser can bypass it easily by selecting say your ADSL router as the gateway, as it's on the same subnet.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
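
Added example (not part of the thread, and not code from any poster): a client-side check for the situation described in the last post, where a browser can skip a single-NIC proxy by routing straight to the Internet gateway. It probes one direct path and one proxy path over TCP and classifies the result; the proxy address, port 8080 and the test host are assumed placeholder values.

```python
import socket


def can_connect(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, DNS failure
        return False


def proxy_enforcement(direct_target, proxy, timeout=3.0):
    """Classify a client's web egress from two probes.

    direct_target -- (host, port) of an external web server, probed without a proxy
    proxy         -- (host, port) of the web proxy listener
    """
    direct = can_connect(*direct_target, timeout=timeout)
    via_proxy = can_connect(*proxy, timeout=timeout)
    if direct and via_proxy:
        return "bypassable"   # a direct route exists, so the proxy is optional
    if direct:
        return "direct-only"  # proxy unreachable, traffic leaves unfiltered
    if via_proxy:
        return "enforced"     # only the proxy path gets out
    return "no-egress"


if __name__ == "__main__":
    # Assumed values for illustration: replace with your own proxy and test host.
    PROXY = ("192.168.1.10", 8080)
    TARGET = ("example.com", 80)
    print(proxy_enforcement(TARGET, PROXY))
```

Run from a client on the internal subnet, a result of "bypassable" matches the single-NIC case above, and "enforced" is what a two-NIC layout with the gateway behind the proxy should produce.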
