Possibly set the rule on the ISA server to listen on both the WAN and
the LAN NICs, and then also set the rule to allow traffic from both
internal and external networks, and then set up split DNS so that from
inside the LAN the URL resolves to the internal IP of the ISA server.
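
A way to check the split-DNS half of the suggestion above from an internal workstation. This is an added example, not part of the original message: the hostname, DNS server addresses and expected internal IP are constructed placeholders, and it assumes a Windows client that has the `Resolve-DnsName` and `Test-NetConnection` cmdlets.

```powershell
# Added example: every name and address below is a constructed placeholder.
param(
    [string]$PublishedName      = 'ts.example.com', # hypothetical name the web app's link uses
    [string]$InternalDns        = '192.168.0.10',   # hypothetical internal DNS server
    [string]$ExternalDns        = '198.51.100.53',  # hypothetical public resolver
    [string]$ExpectedInternalIp = '192.168.0.1',    # hypothetical internal IP of the ISA server
    [int]$Port = 3389                               # RDP
)

# Return the A records a given DNS server hands out for a name.
function Get-ARecord {
    param([string]$Name, [string]$Server)
    try {
        Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress
    } catch {
        # An internal client may not be allowed to query an outside resolver directly.
        Write-Warning "Lookup of $Name via $Server failed: $($_.Exception.Message)"
    }
}

$inside  = @(Get-ARecord -Name $PublishedName -Server $InternalDns)
$outside = @(Get-ARecord -Name $PublishedName -Server $ExternalDns)

"Internal view: $($inside -join ', ')"
"External view: $($outside -join ', ')"

if ($inside -contains $ExpectedInternalIp) {
    'Split DNS in effect: internal clients are sent to the internal address.'
} elseif ($inside | Where-Object { $outside -contains $_ }) {
    'Internal clients still get the WAN address, so RDP must go out and come back in through the firewall.'
} else {
    'Internal answer matches neither view; check the internal zone record.'
}

# Confirm that whatever address internal clients receive actually accepts RDP.
foreach ($ip in $inside) {
    $r = Test-NetConnection -ComputerName $ip -Port $Port -WarningAction SilentlyContinue
    '{0}:{1} reachable from this client: {2}' -f $ip, $Port, $r.TcpTestSucceeded
}
```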

 

________________________________

From: Jay Dale [mailto:[email protected]] 
Sent: Thursday, June 02, 2011 4:31 PM
To: NT System Admin Issues
Subject: RE: RDP through ISA Array

 

No, the TS is inside the network behind the firewall.  The existing rule
forwards RDP to that server from outside connections.  The outside
connections work fine.  They're trying to work with the interface in
house and they're being blocked (I guess) from RDP going outbound and
then back inbound again.

 

Someone on EE wrote that ISA just doesn't allow it, period, but I've
worked with other firewalls that don't have an issue with it, so I'm
thinking there has to be some way of doing it.

 

Jay

 

Jay Dale
 Senior Systems Administrator

P:281-574-2414

 

From: S Powell [mailto:[email protected]] 
Sent: Thursday, June 02, 2011 3:22 PM
To: NT System Admin Issues
Subject: Re: RDP through ISA Array

 

Does that rule allow inside to that IP?

-- The TS you are trying to reach is outside on the WAN?  ... You'd need
a rule inside to that IP as well...

 




-----------------
Who'd you rather be, the Beatles or the Rolling Stones?

On Thu, Jun 2, 2011 at 12:44, Jay Dale <[email protected]> wrote:

There is currently a rule to allow RDP from the outside to the inside to
a specific IP.  I tried creating a rule that would allow outbound RDP,
but that didn't help.

 

Jay Dale
 Senior Systems Administrator

P:281-574-2414

 

From: S Powell [mailto:[email protected]] 
Sent: Thursday, June 02, 2011 11:39 AM
To: NT System Admin Issues
Subject: Re: RDP through ISA Array

 

 

Does it have its own rule to allow this access externally?

 

You said internal cannot RDP to WAN; is this a separate rule? Check this
rule to make sure it is still correct.




-----------------
Who'd you rather be, the Beatles or the Rolling Stones?

On Wed, Jun 1, 2011 at 06:52, Jay Dale <[email protected]> wrote:

Hey all,

 

I have a client who is using 2 ISA 2006 servers in an array.  ISA 1 is
for the internal clients with a subnet of 192.168.0.0 and ISA 2 is the
external access with a WAN IP and DMZ.  The WAN IP is bound to the NIC
along with a block of secondary IPs.  They use a web application that,
upon clicking a hyperlink, launches a window that in turn launches an RDP
connection to one of the WAN links that then runs a Terminal Server
application on a 2008 Enterprise server.  The problem they're having is
that external users can run the application just fine, but users on the
internal network can't RDP to the WAN address.  They say it used to
work, but either a patch broke it or something has changed and they can
no longer access it.  When they click on the hyperlink, a white window
comes up and then the RDP warning window regarding using the Clipboard
comes up, but then nothing.

 

I've tried RDP'ing directly to the WAN address from inside the network
and it fails.  I try RDP'ing directly to the private IP that it's
supposed to point to and it works fine.  I've looked in the ISAs and
there is a policy that allows RDP listening on that WAN IP to forward to
the right server, so settings-wise it appears to be right, but it
doesn't work.  I haven't worked with ISA in years and I'm not sure where
to go from here - I've tried disabling the RPC filter and such but to no
avail.

 

Can anyone point me in the right direction?

 

Thanks,

 

Jay

 

 

Jay Dale

Senior Systems Administrator

Unetek, Inc.

Phone: 281.574.2414

Email:[email protected]

 


 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin

 
