Re: ISA Rule for Remote Desktop?



<Is the ip that changes a real world ip that your server sees?>
Yes. It is my WAN IP address that changes on the router. The reason being
they have at least two different IP address ranges, one in the
12.xxx.xxx.xxx range and another in the 206.xxx.xxx.xxx range which in
essence represent two different network services.

<I guess I am asking if your SBS external nic has a private NAT ip
like 10.0.1.2 and the router is at 10.0.1.1 which never changes?>
My server has a private IP address on the WAN NIC.

<If so then maybe it has nothing to do with your server. If your SBS has a
real world external ip and it is changing then you might need to run the
connect to the internet wizard.>
These are all valid questions. I would think if this point was true it
would keep RWW/OWA from working as well but they work fine.

I understand the need to change the public IP address and won't go into
detail about that. In short it's two ISPs working together and when one has
problems the other supplies bandwidth. The people are up front with me and
know that they aren't working with someone that has no idea how networking
works. Not saying I know everything but can hold my own.

I've just had an opportunity to try testing Remote Desktop through RWW from
a totally different Internet Provider and I got connected just fine. When I
test using dialup I am able to get into RWW but not Remote Desktop from
there. So it would seem that something is strange within my Internet
Provider's setup that is keeping this from working but that is the million
dollar question!

Thanks
Jeff

"Jim Behning SBS MVP" <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:3lrlt2pf42c9dsr4c45fsj8jl26bqfqa9f@xxxxxxxxxx
Is the ip that changes a real world ip that your server sees? I guess
I am asking if your SBS external nic has a private NAT ip like
10.0.1.2 and the router is at 10.0.1.1 which never changes? If so then
maybe it has nothing to do with your server. If your SBS has a real
world external ip and it is changing then you might need to run the
connect to the internet wizard. We are a small shop which if everyone
called us at once we could touch 70 different servers with a lot of
different isps. I have never heard of one isp changing their external
ip willy nilly if the account bought a static ip. I do not trust that
the isp is not doing something funny. If you called Microsoft they
would start netmon traces on the remote workstation, the SBS and the
internal workstation.

They would also want to see an ipconfig /all from the server and the
desired internal workstation. Maybe a route print.

On Tue, 20 Feb 2007 07:29:10 -0500, "Jeff Teel" <jdteel@RMoveThis
sugardog.com> wrote:

Well here is the "rest of the story". My Internet provider has the ability
to provide "backup bandwidth" if one of their resources fails or is having
problems (of course depending on the source of the problem). So when I'm on
backup bandwidth I have a different IP address than the normal address.
Recently I've been switched to the backup and in turn have a different IP
address. I initially noticed that there was no access to RWW. After we got
that problem figured out (A record for the domain name pointing to the wrong
IP address) I can now access RWW and use Outlook Web but still can't Remote
Desktop into anything from within RWW (from outside the LAN). It has worked
in the past...this is not a new configuration.....and the ISP has ports 25,
443, 444, and 4125 forwarded to my WAN card on the server. I see the
attempts being made from the logging interface in ISA to port 4125 when I
attempt to do Remote Desktop from outside my network but I receive this
message:

"The client could not connect to the remote computer. Remote connections
might not be enabled or the computer might be too busy to accept new
connections. It is also possible that network problems are preventing your
connection. Please try again later. If the problem continues to occur,
contact your administrator."

The blue information bar on this window says: VBScript: Remote Desktop
Disconnected. I'm sure that traffic is getting through to port 4125 because
I can see the attempt being made to connect to that port in ISA logging but
it looks like it gets closed right after that. There are three connection
attempts in the ISA log and right after each attempt the connection is
closed.

Thanks
Jeff


"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:uYc0nOMVHHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
GAWD, that, and how ISA defines inbound/outbound rules, just confuses me.

ISA rules have nothing to do with how the remote PC sees it. The
inbound/outbound is purely from (some weird MS) ISA's perspective and the
definition of source and destination networks.

It's all pretty well irrelevant however, the rules created by the CEICW
are correct if the network has been defined correctly. Rather than asking
'did the CEICW define this rule correctly' the OP should let us know what
problem he is experiencing, what error message is occurring, and just why
the frack someone who needs assistance understanding ISA inbound/outbound
definition believes there is any benefit in questioning the result of
several hundred hours of MS' best dev team development and the experience
of several thousand users.

I think I better 'back off', something got 'under my collar' earlier
today, I think I'm starting to bite simply because it feels good.

"J. M. De Moor" <nospam@xxxxxxxxxx> wrote in message
news:etqVryLVHHA.600@xxxxxxxxxxxxxxxxxxxxxxx
Jeff

I believe the direction is "outbound" when seen from External to Local,
which is correct. Although SBS dynamically opens port 4125, it is the
remote ActiveX that initiates the connection to SBS using 4125. If you
look at the URL that RWW receives from SBS when you try to connect to a
computer on the network, you will notice a &Port=4125&, in effect telling
the remote browser to use that port. From the perspective of the remote
computer, it is outbound. ISA Server (out of the box) blocks actual
outbound traffic on port 4125, which is why connecting to a computer on
your internal network via RWW gives you problems.

...at least that is the way I understand it. Hehe.

Joe

"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OltwwDLVHHA.4784@xxxxxxxxxxxxxxxxxxxxxxx
I am looking at a rule in ISA 2004 named SBS RWW Inbound Access Rule. It
has an Allow action, the protocol is named
SBS_Custom_Protocol_TCP_Outbound_4125 and in the details for that
protocol it is using port 4125 Outbound. It is from the External
listener to Local Host.

My questions: Is that rule correct for allowing Remote Desktop from
outside the LAN and should there be a rule for port 4125 Inbound as
well? I'm not seeing one.

Thanks
Jeff








