ISA 2006 publishing Servers

  • Saturday, September 12, 2009 9:21 AM, Port Douglas
     
    Hi, I have just built an ISA2006 SP1 Server Standard Edition
    I have assigned 10.10.X and 10.140.x to the internal network and the last Interface is External.
    I have created an Inbound network rule from the External Interface to both the Internal Interfaces with a network relationship of Route.
    I have created a Firewall rule policy to allow RDP Server protocol (inbound) from External to Internal networks.
    I have tested the rule using the Traffic simulator and it returns a success feedback.
    Though all of the above was done, I still cannot access my internal server via RDP.
    Can you tell me if I have left something out?

All Replies

  • Saturday, September 12, 2009 3:46 PM, Sergey Sypalo
     Answer
    Hi, Port
       You should remove the network rule that you created. Otherwise you need to publish the RDP server. In the Actions menu, do the following:
       1) Click publish non-web server
       2) type rule name
       3) type internal server IP
       4) select protocol (RDP (Terminal Services) in your case)
       5) select the network from which you need access (External)

    But remember that you need a server farm or other balancing mechanism to allow access to a different server from the External network. For Windows Server 2008 you need to publish TS Gateway
    MCSE: M+S, SMS/SCCM, CCNA
  • Sunday, September 13, 2009 2:14 PM, Port Douglas
     
    Thank you very much for that, it worked fine when I deleted the network rule on ISA Standard edition.
    Would this be the same process for ISA2006 Enterprise edition?
    I am also using NLB if that makes any difference on Enterprise edition
    When I do publish the RDP rule using the non-web server option and choose RDP (Server) in ISA Enterprise
    I receive an error that tells me I don't have a valid web listener.
    So I create a network rule to allow inbound traffic from Internet to the relevant internal networks using the Route relation
    I receive a message saying that the initial valid listener error is resolved
    I tried using the traffic simulator again, I get a success return.
    I tried to RDP in to my server but it fails and I get a log entry saying that the access is denied by (Enterprise) default rule
    I read that the rule priority makes a big difference but I can't see where I can set it.

  • Monday, September 14, 2009 2:07 AM, Sergey Sypalo
     Answer
    Hi, Port

      I think you do not need to create network rules. Unfortunately, I do not have ISA with NLB to provide more accurate information, but I think you should use web listeners instead of creating network rules. Creating additional network rules is needed when you use ISA as a router, in addition to proxy and server publishing capabilities. More info about NLB in ISA 2006 is at http://technet.microsoft.com/en-us/library/bb794741.aspx and about secure publishing at http://technet.microsoft.com/en-us/library/bb794854.aspx
    MCSE: M+S, SMS/SCCM, CCNA