No, the TS is inside the network behind the firewall. The existing rule forwards RDP to that server from outside connections. The outside connections work fine. They're trying to work with the interface in house and they're being blocked (I guess) from RDP going outbound and then back inbound again.
Someone on EE wrote that ISA just doesn't allow it, period, but I've worked with other firewalls that don't have an issue with it, so I'm thinking there has to be some way of doing it. Jay Jay Dale Senior Systems Administrator P:281-574-2414 From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, June 02, 2011 3:22 PM To: NT System Admin Issues Subject: Re: RDP through ISA Array does that rule allow inside to that IP? --the TS you are trying to reach is outside on the WAN? ... you'd need a rule inside to that IP as well... ----------------- Who'd you rather be, the Beatles or the Rolling Stones? On Thu, Jun 2, 2011 at 12:44, Jay Dale <jd...@unetek.com<mailto:jd...@unetek.com>> wrote: There is currently a rule to allow RDP from the outside to the inside to a specific IP. I tried creating a rule that would allow outbound RDP, but that didn't help. Jay Dale Senior Systems Administrator P:281-574-2414<tel:281-574-2414> From: S Powell [mailto:powe...@gmail.com<mailto:powe...@gmail.com>] Sent: Thursday, June 02, 2011 11:39 AM To: NT System Admin Issues Subject: Re: RDP through ISA Array Does it have its own rule to allow this access externally? you said internal cannot RDP to WAN, is this a separate rule? check this rule to make sure it is still correct. ----------------- Who'd you rather be, the Beatles or the Rolling Stones? On Wed, Jun 1, 2011 at 06:52, Jay Dale <jd...@unetek.com<mailto:jd...@unetek.com>> wrote: Hey all, I have a client who is using 2 ISA 2006 servers in an array. ISA 1 is for the internal clients with a subnet of 192.168.0.0 and ISA 2 is the external access with a WAN IP and DMZ. The WAN IP is bound to the NIC along with a block of secondary IP's. They use a web application that, upon clicking a hyperlink launches a window that in turn launches an RDP connection to one of the WAN links that then runs a Terminal Server application on a 2008 Enterprise server. The problem they're having is that external users can run the application just fine, but users on the internal network can't RDP to the WAN address. They say it used to work, but either a patch broke it or something has changed and they can no longer access it. When they click on the hyperlink, a white window comes up and then the RDP warning window regarding using the Clipboard comes up, but then nothing. I've tried RDP'ing directly to the WAN address from inside the network and it fails. I try RDP'ing directly to the private IP that it's supposed to point to and it works fine. I've looked in the ISA's and there is a policy that allows RDP listening on that WAN IP to forward to the right server, so settings-wise it appears to be right, but it doesn't work. I haven't worked with ISA in years and I'm not sure where to go from here - I've tried disabling the RPC filter and such but to no avail. Can anyone point me in the right direction? Thanks, Jay Jay Dale Senior Systems Administrator Unetek, Inc. Phone: 281.574.2414<tel:281.574.2414> Email:jd...@unetek.com<mailto:jd...@unetek.com> Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
