Re: ISA Rule for Remote Desktop?

Well here is the "rest of the story". My Internet provider has the ability
to provide "backup bandwidth" if one of their resources fails or is having
problems (of course depending on the source of the problem). So when I'm on
backup bandwidth I have a different IP address than the normal address.
Recently I've been switched to the backup and in turn have a different IP
address. I initially noticed that there was no access to RWW. After we got
that problem figured out (A record for the domain name pointing to the wrong
IP address) I can now access RWW and use Outlook Web but still can't Remote
Desktop into anything from within RWW (from outside the LAN). It has worked
in the past...this is not a new configuration.....and the ISP has ports 25,
443, 444, and 4125 forwarded to my WAN card on the server. I see the
attempts being made from the logging interface in ISA to port 4125 when I
attempt to do Remote Desktop from outside my network but I receive this
message:

"The client could not connect to the remote computer. Remote connections
might not be enabled or the computer might be too busy to accept new
connections. It is also possible that network problems are preventing your
connection. Please try again later. If the problem continues to occur,
contact your administrator."

The blue information bar on this window says: VBScript: Remote Desktop
Disconnected. I'm sure that traffic is getting through to port 4125 because
I can see the attempt being made to connect to that port in ISA logging but
it looks like it gets closed right after that. There are three connection
attempts in the ISA log and right after each attempt the connection is
closed.

Thanks
Jeff


"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:uYc0nOMVHHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
GAWD, that, and how ISA defines inbound/outbound rules, just confuses me.

ISA rules have nothing to do with how the remote PC sees it. The
inbound/outbound is purely from (some wierd MS) ISA's perspective and the
definition of source and destination networks.

It's all pretty well irrelevent however, the rules created by the CEICW
are correct if the network has been defined correctly. Rather than asking
'did the CEICW define this rule correctly' the OP should let us know what
problem he is experiencing, what error message is occurring, and just why
the frack someone who needs assistance understanding ISA inbound/outbound
definition believes there is any benefit in questioning the result of
several hundred hours of MS' best dev team development and the experience
of several thousand users.

I think I better 'back off', something got 'under my collar' earlier
today, I think I'm starting to bite simply because it feels good.

"J. M. De Moor" <nospam@xxxxxxxxxx> wrote in message
news:etqVryLVHHA.600@xxxxxxxxxxxxxxxxxxxxxxx
Jeff

I believe the direction is "outbound" when seen from External to Local,
which is correct. Although SBS dynamically opens port 4125, it is the
remote ActiveX that initiates the connection to SBS using 4125. If you
look at the URL that RWW receives from SBS when you try to connect to a
computer on the network, you will notice a &Port=4125&, in effect telling
the remote browser to use that port. From the perspective of the remote
computer, it is outbound. ISA Server (out of the box) blocks actual
outbound traffic on port 4125, which is why connecting to a computer on
your internal network via RWW gives you problems.

...at least that is the way I understand it. Hehe.

Joe

"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OltwwDLVHHA.4784@xxxxxxxxxxxxxxxxxxxxxxx
I am looking at a rule in ISA 2004 named SBS RWW Inbound Access Rule. It
has an Allow action, the protocol is named
SBS_Custom_Protocol_TCP_Outbound_4125 and in the details for that
protocol it is using port 4125 Outbound. It is from the External
listener to Local Host.

My questions: Is that rule correct for allowing Remote Desktop from
outside the LAN and should there be a rule for port 4125 Inbound as
well? I'm not seeing one.

Thanks
Jeff







.

Relevant Pages

  • Re: Using Remote Desktop From an SBS Domain
    ... I should say bypassing my server not the router. ... Right click My Network Places...Properties. ... Internet connection, bypassing my SBS/ISA network all together. ... the port number you connect to from 80 to a port of your ...
    (microsoft.public.windows.server.sbs)
  • Re: Using Remote Desktop From an SBS Domain
    ... between me and the Internet and that is as much as I know. ... computer that is on a remote network now. ... Internet connection, bypassing my SBS/ISA network all together. ... the port number you connect to from 80 to a port of your ...
    (microsoft.public.windows.server.sbs)
  • Re: Using Remote Desktop From an SBS Domain
    ... Right click My Network Places...Properties. ... computer that is on a remote network now. ... Internet connection, bypassing my SBS/ISA network all together. ... the port number you connect to from 80 to a port of your ...
    (microsoft.public.windows.server.sbs)
  • Re: Using Remote Desktop From an SBS Domain
    ... Internet connection, bypassing my SBS/ISA network all together. ... end of a Remote Desktop connection and have found little about it. ... the port number you connect to from 80 to a port of your ...
    (microsoft.public.windows.server.sbs)
  • Slow network printing to 98 machine and blocking port 445
    ... since Win2000 and also in WinXP, when windows networking is bound to ... a port 445 open (and would not know how to handle those incoming network ... connection timeout so that the freezing stops after that time ...
    (microsoft.public.windowsxp.help_and_support)