Publishing RDP on a side network

Publishing RDP on a side network - 1.Apr.2008 6:22:34 AM   
michaelbrandi

 

Posts: 3
Joined: 25.May2003
From: Denmark
Status: offline
I have posted this here earlier but had no replies, so I'm now posting it again in a post with more detail. I cannot find anyone who has been able to solve this mystery.

I have a Small Business Server 2003 with ISA2004 on it. I have put an extra network adapter in the server so that it has three, and reconfigured ISA server to have a perimeter network. This perimeter network is called 10.10.10.x 255.255.255.0. I have the normal internal network, which is 192.168.100.x 255.255.255.0. Finally, I have the Internet adapter, where I have added 3 IP addresses from the network segment I have, ending in xxx.xxx.xxx.194, .195 and .196.

On the perimeter network I have a Windows 2000 based webserver (10.10.10.11), running this particular company's website, and I have without any problems created a web listener on the .195 IP and published the website to the Internet. I exported all the standard SBS2003 ISA rules before reconfiguring the ISA server with a perimeter network, and then imported those rules after, so since these are standard SBS2003 rules (+ some extra ones of course), I have rules that allow RDP to the SBS2003 server, both internally and from the Internet, and that's exactly what I want for maintenance purposes.

Now to the problem: I also want to be able to reach RDP on the webserver that sits on the perimeter network, from the Internet. Since the SBS2003 server is already listening on port 3389 on all IPs, I need to publish RDP for the webserver on a different port. I'm aware that I can change the listening port right in the server publishing rule (and I have also tried that, without any luck), but right now I have changed the TCP/IP-RDP settings on the webserver itself to listen on port 33000 (it's tested and works internally, of course). Then I have created a server publishing rule on the SBS2003 server that publishes the 10.10.10.11 address, port 33000 TCP incoming. I have also created access rules that allow the outgoing traffic. I have configured the listener to only listen on the xxx.xxx.xxx.195 IP address.

As you can see from the ISA logging info (don't focus on the fact that the errors show the IP ending with .194: as a test I changed the listener to the first IP of the SBS server and modified the rules, in case it had something to do with that, but the results were the same; it's now configured as described above again), the logging info for the connection attempt seems to indicate that there is nothing listening on port 33000 of xxx.xxx.xxx.195 when I try to connect. So I ran the fwengmon.exe tool, and if I understand the output right, it says that ISA is listening on port 33000 on all adapters (even though I only asked it to listen on one)?

2092 TCP(6)   0.0.0.0:0             10.10.10.11:33000     No

If I have understood everything correctly so far, then I'm not sure how that explains why things are not working as expected, and I have no idea how to make it work. Could it be that if ISA is listening on all adapters, that would also mean that it is listening on 10.10.10.10? When it then tries to forward traffic from the xxx.xxx.xxx.195 address to 10.10.10.11, would it try to pass the traffic from 10.10.10.10 to 10.10.10.11 on port 33000? If that is true, and it is listening on port 10.10.10.10 also, then maybe that could explain why communication breaks down? But this is just speculation and theory, and I'm not sure I understand everything correctly.

Log Info:

Initiated Connection
DANMARK 20-02-2008 12:52:11
Log type: Firewall service
Status: The operation completed successfully.
Rule: WWWRDP IN
Source: External ( xxx.xxx.xxx.102:1403)
Destination: Local Host ( xxx.xxx.xxx.194:33000)
Protocol: WWWRDP OUT
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: xxx.xxx.xxx.102
Client agent:

Closed Connection
DANMARK 20-02-2008 12:52:11
Log type: Firewall service
Status: A connection was abortively closed after one of the peers sent a RST segment.
Rule: WWWRDP IN
Source: External ( xxx.xxx.xxx.102:1403)
Destination: Local Host ( xxx.xxx.xxx.194:33000)
Protocol: WWWRDP OUT
User:
Additional information
Number of bytes sent: 52 Number of bytes received: 40
Processing time: 0ms Original Client IP: xxx.xxx.xxx.102
Client agent:

Thanks,
Michael
Post #: 1
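
An added example, not part of the original post and not ISA Server tooling: a small Python triage script for log text in the layout pasted above. It pairs each Initiated Connection record with its Closed Connection record and lists sessions that a rule accepted but that ended on a RST with almost no data; the function names and the 128-byte cutoff are assumptions of this example.

```python
import re

# Records copied from the post, trimmed to the fields this script reads.
SAMPLE = """\
Initiated Connection
DANMARK 20-02-2008 12:52:11
Status: The operation completed successfully.
Rule: WWWRDP IN
Source: External ( xxx.xxx.xxx.102:1403)
Destination: Local Host ( xxx.xxx.xxx.194:33000)
Number of bytes sent: 0 Number of bytes received: 0

Closed Connection
DANMARK 20-02-2008 12:52:11
Status: A connection was abortively closed after one of the peers sent a RST segment.
Rule: WWWRDP IN
Source: External ( xxx.xxx.xxx.102:1403)
Destination: Local Host ( xxx.xxx.xxx.194:33000)
Number of bytes sent: 52 Number of bytes received: 40
"""

EVENT = re.compile(r"^(Initiated|Closed) Connection[ \t]*$", re.M)
BYTES = re.compile(r"bytes sent:\s*(\d+)\s+Number of bytes received:\s*(\d+)")

def parse_records(text):
    """Split the pasted log into one dict per Initiated/Closed event."""
    parts = EVENT.split(text)[1:]          # [event, body, event, body, ...]
    records = []
    for event, body in zip(parts[0::2], parts[1::2]):
        rec = {"event": event}
        for key in ("Status", "Rule", "Source", "Destination"):
            m = re.search(rf"^{key}:[ \t]*(.*)$", body, re.M)
            rec[key.lower()] = m.group(1).strip() if m else ""
        b = BYTES.search(body)
        rec["bytes"] = int(b.group(1)) + int(b.group(2)) if b else 0
        records.append(rec)
    return records

def reset_without_data(records, max_bytes=128):
    """Return (rule, source, destination) for sessions a rule accepted but
    that closed on a RST with at most max_bytes transferred (assumed cutoff)."""
    opened = {(r["source"], r["destination"]) for r in records
              if r["event"] == "Initiated" and "successfully" in r["status"]}
    return [(r["rule"], r["source"], r["destination"]) for r in records
            if r["event"] == "Closed" and "RST" in r["status"]
            and r["bytes"] <= max_bytes and (r["source"], r["destination"]) in opened]
```

A session listed by `reset_without_data` was matched by the publishing rule on the firewall, so the rule name it reports shows which rule accepted the connection before the reset.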
