Re: ISA Rule for Remote Desktop?
- From: Jim Behning SBS MVP <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 20 Feb 2007 12:57:39 GMT
Is the ip that changes a real world ip that your server sees? I guess
I am asking if your SBS external nic has a private NAT ip like
10.0.1.2 and the router is at 10.0.1.1 which never changes? If so then
maybe it has nothing to do with your server. If your SBS has a real
world external ip and it is changing then you might need to run the
connect to the internet wizard. We are a small shop which if everyone
called us at once we could touch 70 different servers with a lot of
different isps. I have never heard of one isp changing their external
ip willy nilly if the account bought a static ip. I do not trust that
the isp is not doing something funny. If you called Microsoft they
would start netmon traces on the remote workstation, the SBS and the
internal workstation.
They would also want to see a ipconfig /all from the server and the
desired internal workstation. Maybe a route print.
On Tue, 20 Feb 2007 07:29:10 -0500, "Jeff Teel" <jdteel@RMoveThis
sugardog.com> wrote:
Well here is the "rest of the story". My Internet provider has the ability.
to provide "backup bandwidth" if one of their resources fails or is having
problems (of course depending on the source of the problem). So when I'm on
backup bandwidth I have a different IP address than the normal address.
Recently I've been switched to the backup and in turn have a different IP
address. I initially noticed that there was no access to RWW. After we got
that problem figured out (A record for the domain name pointing to the wrong
IP address) I can now access RWW and use Outlook Web but still can't Remote
Desktop into anything from within RWW (from outside the LAN). It has worked
in the past...this is not a new configuration.....and the ISP has ports 25,
443, 444, and 4125 forwarded to my WAN card on the server. I see the
attempts being made from the logging interface in ISA to port 4125 when I
attempt to do Remote Desktop from outside my network but I receive this
message:
"The client could not connect to the remote computer. Remote connections
might not be enabled or the computer might be too busy to accept new
connections. It is also possible that network problems are preventing your
connection. Please try again later. If the problem continues to occur,
contact your administrator."
The blue information bar on this window says: VBScript: Remote Desktop
Disconnected. I'm sure that traffic is getting through to port 4125 because
I can see the attempt being made to connect to that port in ISA logging but
it looks like it gets closed right after that. There are three connection
attempts in the ISA log and right after each attempt the connection is
closed.
Thanks
Jeff
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:uYc0nOMVHHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
GAWD, that, and how ISA defines inbound/outbound rules, just confuses me.
ISA rules have nothing to do with how the remote PC sees it. The
inbound/outbound is purely from (some wierd MS) ISA's perspective and the
definition of source and destination networks.
It's all pretty well irrelevent however, the rules created by the CEICW
are correct if the network has been defined correctly. Rather than asking
'did the CEICW define this rule correctly' the OP should let us know what
problem he is experiencing, what error message is occurring, and just why
the frack someone who needs assistance understanding ISA inbound/outbound
definition believes there is any benefit in questioning the result of
several hundred hours of MS' best dev team development and the experience
of several thousand users.
I think I better 'back off', something got 'under my collar' earlier
today, I think I'm starting to bite simply because it feels good.
"J. M. De Moor" <nospam@xxxxxxxxxx> wrote in message
news:etqVryLVHHA.600@xxxxxxxxxxxxxxxxxxxxxxx
Jeff
I believe the direction is "outbound" when seen from External to Local,
which is correct. Although SBS dynamically opens port 4125, it is the
remote ActiveX that initiates the connection to SBS using 4125. If you
look at the URL that RWW receives from SBS when you try to connect to a
computer on the network, you will notice a &Port=4125&, in effect telling
the remote browser to use that port. From the perspective of the remote
computer, it is outbound. ISA Server (out of the box) blocks actual
outbound traffic on port 4125, which is why connecting to a computer on
your internal network via RWW gives you problems.
...at least that is the way I understand it. Hehe.
Joe
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OltwwDLVHHA.4784@xxxxxxxxxxxxxxxxxxxxxxx
I am looking at a rule in ISA 2004 named SBS RWW Inbound Access Rule. It
has an Allow action, the protocol is named
SBS_Custom_Protocol_TCP_Outbound_4125 and in the details for that
protocol it is using port 4125 Outbound. It is from the External
listener to Local Host.
My questions: Is that rule correct for allowing Remote Desktop from
outside the LAN and should there be a rule for port 4125 Inbound as
well? I'm not seeing one.
Thanks
Jeff
- Follow-Ups:
- Re: ISA Rule for Remote Desktop?
- From: Jeff Teel
- Re: ISA Rule for Remote Desktop?
- References:
- ISA Rule for Remote Desktop?
- From: Jeff Teel
- Re: ISA Rule for Remote Desktop?
- From: J. M. De Moor
- Re: ISA Rule for Remote Desktop?
- From: SuperGumby [SBS MVP]
- Re: ISA Rule for Remote Desktop?
- From: Jeff Teel
- ISA Rule for Remote Desktop?
- Prev by Date: Re: Can't browse across subnets
- Next by Date: Re: Exchange and SQL on same SBS Server
- Previous by thread: Re: ISA Rule for Remote Desktop?
- Next by thread: Re: ISA Rule for Remote Desktop?
- Index(es):
Relevant Pages
|
