There is currently a rule to allow RDP from the outside to the inside to a specific IP. I tried creating a rule that would allow outbound RDP, but that didn't help.
Jay Dale Senior Systems Administrator P:281-574-2414 From: S Powell [mailto:[email protected]] Sent: Thursday, June 02, 2011 11:39 AM To: NT System Admin Issues Subject: Re: RDP through ISA Array Does it have its own rule to allow this access externally? you said internal cannot RDP to WAN, is this a separate rule? check this rule to make sure it is still correct. ----------------- Who'd you rather be, the Beatles or the Rolling Stones? On Wed, Jun 1, 2011 at 06:52, Jay Dale <[email protected]<mailto:[email protected]>> wrote: Hey all, I have a client who is using 2 ISA 2006 servers in an array. ISA 1 is for the internal clients with a subnet of 192.168.0.0 and ISA 2 is the external access with a WAN IP and DMZ. The WAN IP is bound to the NIC along with a block of secondary IP's. They use a web application that, upon clicking a hyperlink launches a window that in turn launches an RDP connection to one of the WAN links that then runs a Terminal Server application on a 2008 Enterprise server. The problem they're having is that external users can run the application just fine, but users on the internal network can't RDP to the WAN address. They say it used to work, but either a patch broke it or something has changed and they can no longer access it. When they click on the hyperlink, a white window comes up and then the RDP warning window regarding using the Clipboard comes up, but then nothing. I've tried RDP'ing directly to the WAN address from inside the network and it fails. I try RDP'ing directly to the private IP that it's supposed to point to and it works fine. I've looked in the ISA's and there is a policy that allows RDP listening on that WAN IP to forward to the right server, so settings-wise it appears to be right, but it doesn't work. I haven't worked with ISA in years and I'm not sure where to go from here - I've tried disabling the RPC filter and such but to no avail. Can anyone point me in the right direction? Thanks, Jay Jay Dale Senior Systems Administrator Unetek, Inc. Phone: 281.574.2414<tel:281.574.2414> Email:[email protected]<mailto:[email protected]> Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
