RDP problems

RDP problems - 11.Aug.2009 12:02:29 PM   
DamianHill

 

Posts: 75
Joined: 20.Jul.2009
From: South Wales, UK
Status: offline
I've set up ISA as a back-to-back firewall to our BT Secure Services firewall.

I am able to see the RDP traffic hitting the ISA firewall but it is denied access. I have configured the ISA itself so that I can RDP from an external source over VPN and this works fine, so I tried following a similar setup to the system policy but it still denies the connection.

The rule I've created is...
Action: Allow
Protocol: RDP(Terminal Services)
From: External
To: Internal
Users: All Users

I'm pulling my hair out over this so would be very grateful for any help.
Post #: 1
RE: RDP problems - 11.Aug.2009 12:23:21 PM   
DEVLAVI

 

Posts: 115
Joined: 16.Jul.2009
From: Bangalore, India
Status: offline
Access rule doesn't work here.
You need to publish the RDP (Terminal Services) server on the default port or an alternative port (Non-Web Server Protocol Publishing rule) to the internal IP of the ISA; the network listener should be External.

HTH,
DEV

(in reply to DamianHill)
Post #: 2
RE: RDP problems - 11.Aug.2009 12:52:53 PM   
DamianHill

 

Dev,

Thanks for the information. Is there a doc or tutorial showing what I need to do? I'm pretty new to ISA server.

Thanks

Damian

(in reply to DEVLAVI)
Post #: 3
RE: RDP problems - 11.Aug.2009 1:29:52 PM   
DEVLAVI

 

Check out this article by Mr. Shinder:
http://www.isaserver.org/articles/2004pubts.html

DEV

(in reply to DamianHill)
Post #: 4
RE: RDP problems - 11.Aug.2009 6:30:39 PM   
DamianHill

 

I followed the article to the letter but it still fails. When I used a different port I get a denied connection with 'Unidentified IP Traffic(TCP:8888)' - yet I can still RDP from home into the ISA without a problem, I just don't get it.

The article is for ISA2004, I'm using ISA2006 - would that make a difference?


(in reply to DEVLAVI)
Post #: 5
RE: RDP problems - 12.Aug.2009 8:27:51 AM   
DamianHill

 

Any ideas guys?

(in reply to DamianHill)
Post #: 6
RE: RDP problems - 12.Aug.2009 8:39:47 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
You need a server publishing rule as said above, from your source network to the internal IP address of the server you are trying to RDP to.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to DamianHill)
Post #: 7
RE: RDP problems - 12.Aug.2009 9:10:41 AM   
DamianHill

 

Steve,

If I run through the steps I've been through to make this work...

1. Set RDP on ISA to listen on internal network only.
2. Followed http://www.isaserver.org/articles/2004pubts.html (publishing the RDP Server on the ISA Firewall) - which is for 2004, but seems as though it should be pretty much the same for 2006 - only difference being that I chose to publish Non-web server protocols. When following the article I create the port 9999, but when attempting to connect from external I get access denied...
Client IP: 172.17.0.2
Destination IP: 10.0.0.11
Protocol: Unidentified IP Traffic (TCP:9999)

There is no longer any mention of RDP being denied.

Grateful for any nuggets!

Damian

(in reply to SteveMoffat)
Post #: 8
RE: RDP problems - 12.Aug.2009 9:31:42 AM   
SteveMoffat

 

& you're forwarding 9999 to 3389?


(in reply to DamianHill)
Post #: 9
RE: RDP problems - 12.Aug.2009 9:38:28 AM   
DamianHill

 

I'm following exactly the article, there isn't a mention of port forwarding in there - can you explain what I should setup please?

(in reply to SteveMoffat)
Post #: 10
RE: RDP problems - 12.Aug.2009 9:51:10 AM   
DamianHill

 

Steve,

I understand what's needed now, and looking at the article again, my port 9999 is set to pass it through on the default port 3389, so I guess it is forwarded.

Is there anything else I can do to allow the connection?

(in reply to DamianHill)
Post #: 11
RE: RDP problems - 12.Aug.2009 9:51:59 AM   
SteveMoffat

 

So you've changed the port that RDP listens on to 9999?


(in reply to DamianHill)
Post #: 12
RE: RDP problems - 12.Aug.2009 9:58:03 AM   
DamianHill

 

Steve,

On publishing I clicked 'ports' then set the following...

Firewall Ports - Publish on this port instead of the default port:8888.

Published Server Ports - Send requests to the default port on the published server.

I think that this will provide the port forwarding?

Damian

(in reply to SteveMoffat)
Post #: 13
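
Added example, not part of any post in this thread: a simplified model (not ISA's rule engine) of the port settings described in post #13, checked against the denied entry posted in #8. It assumes a server publishing rule only handles connections addressed to the firewall's listener; the listener address `192.0.2.10` is a constructed placeholder, since the thread never gives the ISA's own address.

```python
import re
from dataclasses import dataclass

@dataclass
class PublishingRule:
    """Simplified model of a non-web server publishing rule (not ISA's engine)."""
    listener_ip: str    # firewall address clients must connect to
    firewall_port: int  # "Publish on this port instead of the default port"
    server_ip: str      # published internal server
    server_port: int    # "Send requests to the default port on the published server"

def parse_entry(text):
    """Turn 'Key: value' lines, as pasted in the thread, into a dict."""
    entry = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        entry[key.strip()] = value.strip()
    return entry

def dest_port(entry):
    """Port from a 'Port' field or from 'Unidentified IP Traffic (TCP:9999)'."""
    if "Port" in entry:
        return int(entry["Port"])
    m = re.search(r"TCP:(\d+)", entry.get("Protocol", ""))
    return int(m.group(1)) if m else None

def mismatches(entry, rule):
    """Reasons a logged connection would not be handled by the publishing rule."""
    reasons = []
    dst = entry["Destination IP"].split()[0]
    port = dest_port(entry)
    if dst != rule.listener_ip:
        reasons.append(f"destination {dst} is not the listener address {rule.listener_ip}")
    if port != rule.firewall_port:
        reasons.append(f"port {port} is not the published port {rule.firewall_port}")
    return reasons

# Log fields as posted in #8; the listener address is a constructed placeholder.
POST_8 = """Client IP: 172.17.0.2
Destination IP: 10.0.0.11
Protocol: Unidentified IP Traffic (TCP:9999)"""
RULE = PublishingRule("192.0.2.10", 9999, "10.0.0.11", 3389)

if __name__ == "__main__":
    for reason in mismatches(parse_entry(POST_8), RULE):
        print(reason)
```
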
RE: RDP problems - 12.Aug.2009 10:00:56 AM   
SteveMoffat

 

How are you testing this? Over the internet?


(in reply to DamianHill)
Post #: 14
RE: RDP problems - 12.Aug.2009 10:07:53 AM   
DamianHill

 

Yes. We initiate a VPN connection to the hardware firewall. We then attempt RDP into the network. I have successfully used RDP to access the ISA, but have since only allowed it to listen on the internal network.

Hope that makes sense!

(in reply to SteveMoffat)
Post #: 15
RE: RDP problems - 12.Aug.2009 10:15:30 AM   
SteveMoffat

 

Your rule should allow from the VPN network then, not external.


(in reply to DamianHill)
Post #: 16
RE: RDP problems - 12.Aug.2009 10:21:56 AM   
DamianHill

 

Steve,

It is my understanding that the VPN connection terminates at the Hardware firewall which all traffic hits, then all traffic is handed off to the ISA.

Are you saying I should use the VPN object, or IPSec???

(in reply to SteveMoffat)
Post #: 17
RE: RDP problems - 12.Aug.2009 10:27:46 AM   
DamianHill

 

Steve,

I've gone back to square one and removed all rules. Now an attempt to RDP gives the following denied message.

Destination IP:10.0.0.11 (Internal Terminal Server)
Port: 3389
Protocol: RDP (Terminal Services)
Action: Denied Connection
Client: 172.17.0.2
Source: External(172.17.0.2:49277)
Destination: Internal (10.0.0.11:3389)

Looking at the above output do you still think it needs anything further for the VPN connection?

Damian

(in reply to DamianHill)
Post #: 18
RE: RDP problems - 12.Aug.2009 11:11:25 AM   
DamianHill

 

Don't know whether this helps narrow down my problem, but I'm also unable to access external to internal using 172.17.0.2 - everything we do appears to be denied.

(in reply to DamianHill)
Post #: 19
RE: RDP problems - 18.Aug.2009 8:45:47 AM   
frank_hoof

 

Posts: 52
Joined: 27.Mar.2008
Status: offline
Is the server that is using the RDP client in the internal network zone?
This bothered me quite some time since the network dept decided to change the IP plan...

(in reply to DamianHill)
Post #: 20
