Welcome to ISAserver.org

Forward/route connections

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Forward/route connections

Page: [1]

Message

<< Older Topic Newer Topic >>

Forward/route connections - 30.Mar.2010 4:32:55 AM

Milton

Posts: 1
Joined: 30.Mar.2010
Status: offline

Hello guys I would like to know if I am doing something right on my ISA 2004/SP2.

My wish: Forward RDP Connections from 162.87.x.x to 172.0.0.x network, in default or different ports (any that works).
Follow the scenario, network set:
Perimetral Range:
172.0.0.0 - 172.0.0.255
Internal Range:
162.87.192.1 - 162.87.199.254
Local Host:
162.87.192.218
10.0.0.10

The hosts in PERIMETRAL network are behind the firewall connected by switch.
The FW has two interfaces:
162.87.192.218
172.0.0.10

I�m trying to redirect RDP remote connections that comes from internal network and goes to the perimetral network.
I have created rules (in the 1st place of list) that allow connections in 1000 port (of local host network) from anywhere and forward it to one of my servers in 172. network (on RDP default port).
I try to connect to 162.87.192.218:1000 and nothing works.
Looking the fw log I see that the packets are dropped by the last rule that deny all conections from all network to all network.
What I need to do to correct it?
tks.

_____________________________

MM

Post #: 1

Featured Links*

RE: Forward/route connections - 30.Mar.2010 10:06:53 AM

Rotorblade

Posts: 1348
Joined: 27.Feb.2007
Status: offline

quote:

Hello guys I would like to know if I am doing something right on my ISA 2004/SP2.

Hi and based from your post; no it doesn�t sound right what you�re trying to accomplish with ISA.

First and foremost ISA is a Firewall and is not technically a router, but it does have routing capabilities if you configure the network object rules properties to use a �route� relationship instead of �NAT�.
Configuring a �route� relationship with your current configuration would not be a recommended best practice. Adding a third NIC to ISA and defining a �perimeter� network object with the proper IP ranges defined would be called for here. You then would configure the �perimeter� network object rules with a �route� relationship for Internal network bi-directional communication to take place. Then you need to configure/update your L3 network devices, servers and clients with the proper routing information to the �perimeter� network and lastly, protocols defined, DNS properly configured and firewall access rules defined to permit access.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to Milton)

Post #: 2

RE: Forward/route connections - 17.Aug.2010 8:33:39 PM

larbac

Posts: 7
Joined: 21.Apr.2009
Status: offline

Hi,

I was trying to accomplish a very similar behaviour.
Could you just tell me when you find the forward tab on ISA?
I would simply like to:
All traffic request to IP 111.111.111.111 will be forward and go to IP 111.111.111.222

Thanks

(in reply to Milton)

Post #: 3