From: N. Fla
My ISA server is located between my external WAN router and my internal core router. My internal network is 10.104.x.x and 10.108.x.x. My external network is a "private" state gov network, 164.51.156.x. I also have a section of our organization at a different location, behind a different private address range, 10.10.x.x, and that's behind another different "private" state gov network, 150.176.x.x. I have a domain BDC there with a handful of domain clients. My ISA server LAT defines my first two internal networks (10.104 and 10.108) but not the remote section (150.176). I have nothing defined in the LDT (not sure if I really need it; I only have SecureNAT client for now). I have set protocol definitions and protocol rules as wide open as possible (for test purposes only), allowing all traffic in both directions. This also includes custom definitions to provide for NetBIOS ports to provide for any NT 4.0 (which we are) authentication and resolution (135, 137, 138, 139, 445). I have my PDC published with "Any RPC Server" as the mapped server protocol. I have configured SMS (1.2) and VNC protocol definitions, and included them in a protocol rule. When I test the ISA server I can make an SMS and VNC connection to the remote BDC. I cannot connect to the remote BDC using Server Manager. My remote clients cannot connect new sessions, but they can continue pre-existing sessions. It appears that new NetBIOS sessions can't be established. Is this a LAT issue? If not, any suggestions?
ISA Server sees the world as trusted and untrusted. The trusted networks are on the LAT. The untrusted networks are not on the LAT. Don't trust to do things like RPC, DCOM, NetBIOS and domain logons between trusted and untrusted networks. If a network can't be trusted, then it doesn't make sense to perform these high-risk operations with it (from the perspective of ISA Server).
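
As an added illustration (not part of the original question or answer, and not ISA Server code), this Python sketch models the LAT split described above and flags flows that would carry the listed RPC/NetBIOS ports between a LAT network and a non-LAT one. The /16 prefix lengths, the host addresses and the function names are assumptions; only the network ranges and the port list come from the post.

```python
import ipaddress

# LAT entries from the question; the /16 prefix lengths are an assumption
# (the post only gives 10.104.x.x and 10.108.x.x).
LAT = [ipaddress.ip_network(n) for n in ("10.104.0.0/16", "10.108.0.0/16")]

# Ports the question lists for NT 4.0 authentication and name resolution.
HIGH_RISK_PORTS = {135, 137, 138, 139, 445}


def on_lat(addr):
    """True if the address falls inside any LAT range (trusted side)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAT)


def classify(src, dst, port):
    """Classify one flow by whether it crosses the LAT boundary."""
    if on_lat(src) == on_lat(dst):
        return "same-side"
    if port in HIGH_RISK_PORTS:
        return "high-risk-across-boundary"
    return "across-boundary"


def audit(flows):
    """Return the flows that carry RPC/NetBIOS across the LAT boundary."""
    return [f for f in flows if classify(*f) == "high-risk-across-boundary"]


# Constructed sample flows: (source, destination, destination port).
# Host addresses are made up; only the network ranges come from the post.
SAMPLE_FLOWS = [
    ("10.104.1.20", "10.108.3.7", 139),   # both networks are on the LAT
    ("10.104.1.20", "10.10.5.2", 139),    # NetBIOS session to the remote site
    ("150.176.9.9", "10.104.1.10", 135),  # RPC arriving from the remote network
    ("10.104.1.20", "10.10.5.2", 5900),   # VNC (default port) to the remote site
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, classify(*flow))
```

The 10.10.x.x range is private address space, but because it is not on the LAT it lands on the untrusted side in this model, which is the distinction the answer draws.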