• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

TOM Please Help - Urgent Request

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Management >> TOM Please Help - Urgent Request Page: [1]
Login
Message << Older Topic   Newer Topic >>
TOM Please Help - Urgent Request - 31.Aug.2005 9:26:00 PM   
dfcrj

 

Posts: 46
Joined: 5.Sep.2003
From: AL
Status: offline
I've been running ISA 2004 on a Windows 2003 Server SP1 for several months so I don't when this issue started I just found it.
I can log onto "any" outside computer and open up Remote Desktop Connection and type in the FQDN of my MS Exchange 2003 server and hit connect and I log into my ISA 2004 box??
No VPN connection needs to be established!
I'm instantly prompted for username/pw of any account in my domain.
When I do establish my VPN connection, and type the FQDN of my exchange server I log into the exchange. But I cant remote desktop into the ISA?
Please give something to look for!
Post #: 1
RE: TOM Please Help - Urgent Request - 1.Sep.2005 9:45:00 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Check the Firewall Policies and see which rule allow RDP from "Anywhere" or "External" to "Local Host".

Don't forget to check the System Policy (right click Firewall Policy and select Edit System Policy) for "Remote Management" and see what Networks are lited in there.

(in reply to dfcrj)
Post #: 2
RE: TOM Please Help - Urgent Request - 1.Sep.2005 6:13:00 PM   
dfcrj

 

Posts: 46
Joined: 5.Sep.2003
From: AL
Status: offline
I have looked thru each policy and I have none that have an External to Internal rule. Only out bound except for the web site/email rules. On the system policy the Remote Management was enabled to allow external connection. I disabled that feature and now when I try it after 20 seconds or so I receive the standard message that the computer might not be available. The same one you would receive if were inside the domain and couldn't connect. What I'v done only puts a patch on the issue. I'm troubled by typing in my FQDN of my Exchange server and I'm redirected to the ISA. Something is terribly wrong [Confused]

(in reply to dfcrj)
Post #: 3
RE: TOM Please Help - Urgent Request - 1.Sep.2005 9:07:00 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
quote:
The same one you would receive if were inside the domain and couldn't connect. What I'v done only puts a patch on the issue
No - it is not a patch - it is the solution.

quote:
I'm troubled by typing in my FQDN of my Exchange server and I'm redirected to the ISA
You shouldn't be troubled - this is how you should have it functioning. ISA Server Publishes your Exchange Server right? In other words, if you try to send mail to your Exchange Server's FQDN, it SHOULD resolve to ISA's External IP as ISA NAT's this to the Exchange hosts internal IP. It's not different than RDP - we're just resolving the Exchange FQDN to ISA's external IP. And since you allowed Remote Desktop from External, ISA allowed the connection attempt on its External interface.

(in reply to dfcrj)
Post #: 4
RE: TOM Please Help - Urgent Request - 1.Sep.2005 9:33:00 PM   
dfcrj

 

Posts: 46
Joined: 5.Sep.2003
From: AL
Status: offline
Thats make me feel better because I was worried.
I appreciate your help more than you know.
thanks indeed!

[ September 01, 2005, 09:33 PM: Message edited by: RickJ ]

(in reply to dfcrj)
Post #: 5
RE: TOM Please Help - Urgent Request - 4.Sep.2005 1:07:00 PM   
Rickymag

 

Posts: 509
Joined: 26.Nov.2003
From: SA
Status: offline
Great work this is good posting thanks to the people concerned.

For you information Rick you should look at you system policy and ensure that only IP address of machines that you want are in there so that the whole internet can not manage your ISA server and attempt brute force on your account [Smile]

Thanks for all the good posting once again

RM

(in reply to dfcrj)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Management >> TOM Please Help - Urgent Request Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts