Remote Desktop Protocol In (Full Version)



dbj1408 -> Remote Desktop Protocol In (11.Feb.2004 10:38:00 PM)

Hi Tom,

I have owned your book for quite some time and have found it very helpful. We are testing ISA2k4 and have it mostly configured. One issue we are still struggling with is Remote Desktop into our internal network from the outside. We see the Terminal Services protocol but that appears to be for outbound versus inbound.

We can establish a VPN connection thru ISA, but not Remote Desktop. We have this working on our ISA2K server. Any help would be greatly appreciated.


Linke Loe -> RE: Remote Desktop Protocol In (11.Feb.2004 11:12:00 PM)

You have to create your own protocol definition for inbound traffic on TCP port 3389. Publish your terminal server using this protocol definition.

ntnghia -> RE: Remote Desktop Protocol In (12.Feb.2004 7:21:00 AM)

Hi Linke Loe,

With ISA2K4 you can do that. I don't know why.
Although the protocol we define with access inbound is disabled.

Does anybody have any solution?

Linke Loe -> RE: Remote Desktop Protocol In (12.Feb.2004 8:36:00 AM)

I've done it too. On a default installation of ISA 2004, the first thing I did was making a protocol definition for Terminal Services. On the "primary connection information" page of the "new protocol definition" wizard, click "new". Here you can select TCP as protocol type and Inbound as direction. In the port range you only have to fill in "3389" in the from-field. That should do it...

zhangmeibo -> RE: Remote Desktop Protocol In (12.Feb.2004 10:05:00 AM)

Hi, link,
After you set up a new protocol, for example "RDP inbound", you can't set up a new access rule for "RDP inbound", but you can use server publishing for "RDP inbound".

Linke Loe -> RE: Remote Desktop Protocol In (12.Feb.2004 12:32:00 PM)

That's correct. When you want to publish a server, you have to use 'server publishing'... (duh..). And you use inbound protocol definitions to publish servers...

dbj1408 -> RE: Remote Desktop Protocol In (13.Feb.2004 4:30:00 AM)

Thanks everyone for your comments. We attempted to use the server publishing rule for inbound RDP access and the only thing we got it to work with was the ISA server itself (which is also the VPN server). Any ideas?


zhangmeibo -> RE: Remote Desktop Protocol In (13.Feb.2004 4:45:00 AM)

When you publish the RDP server, choose the IP of the internal RDP server.

-> RE: Remote Desktop Protocol In (13.Feb.2004 9:58:00 PM)


Just a thought: if you have it working on the ISA server itself, the port might be in use (actually it will be in use and the publishing won't work).
Try to disable terminal server on the ISA server, then do a netstat -a -n to see if there are no ports 3389 in use, then publish the internal server, do a netstat -a -n to see that port 3389 is 'listening' on the correct NIC, and try to do an RDP session FROM the firewall TO the internal server (if it doesn't work, it won't be able to publish the server anyway).

You might also need to allow 'External' network access to port 3389 to the 'Internal' network.

Hope it helps.

Lex Penrose.

tshinder -> RE: Remote Desktop Protocol In (14.Feb.2004 1:22:00 AM)

Hey guys,

Make sure that the RDP services on the ISA box are listening only on the internal interface. That was easy to do with Terminal Services, because you can use the Terminal Services manager. I haven't looked into how to do that with Remote Desktop on the Windows 2003 box.

Anyone know how?
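The netstat check Lex describes and the interface binding Tom asks about can be verified together. This is an added example, not part of the thread: a Python parser for `netstat -a -n` output that reports which local addresses hold TCP 3389 in the LISTENING state. The sample output, the IP addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -a -n` output from a hypothetical ISA box
# (external NIC 203.0.113.10, internal NIC 10.0.0.1); not taken from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.1:139           0.0.0.0:0              LISTENING
  TCP    10.0.0.1:3389          10.0.0.50:1187         ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

# TCP rows only: local address, local port, foreign address, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")
WILDCARDS = {"0.0.0.0", "[::]"}  # bound to every interface


def listeners(netstat_text, port=3389):
    """Return local addresses with a TCP socket in LISTENING state on port."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) == port and m.group(3) == "LISTENING":
            found.append(m.group(1))
    return found


def assess(netstat_text, external_ip, port=3389):
    """Classify the port's listeners relative to the external interface."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "free"           # nothing is bound to the port yet
    if WILDCARDS & set(addrs) or external_ip in addrs:
        return "conflict"       # a local service holds the port on the external NIC
    return "internal-only"      # bound only to non-external addresses


if __name__ == "__main__":
    print(listeners(SAMPLE), assess(SAMPLE, "203.0.113.10"))
```

Run it against saved output before and after creating the publishing rule: "conflict" before publishing matches the situation described in the thread, where the ISA server's own Terminal Services already occupies port 3389.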

Tom -> RE: Remote Desktop Protocol In (15.Feb.2004 4:59:00 PM)

Hi Tom,

On Windows 2003 it's also done through the Terminal Services Configuration (RDP settings).

Kind regards,
Lex Penrose
