RE: ISA server cannot connect to Internet

Hi Glenn,
 
I think where I was misinterpreting things was that I thought you
mentioned controlling by IP address when TS is listening on the INTERNAL
interface. When you create a packet filter on the external interface, or
even when you create a Server Publishing Rule that allows inbound
access, you can control the source IP address that connects, and that is
a good security policy, since it deals with dictionary, brute force, and
other unplesant attacks :-)
 
Thanks!
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

        -----Original Message-----
        From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
        Sent: Thursday, September 18, 2003 1:10 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: ISA server cannot connect to Internet
        
        
        http://www.ISAserver.org
        
        
        Thank you Tom,
            I stand corrected or at least over looked the Packet
Filtering, the reason why TS was not responding on my Public Interface
because I did in fact have Packet Filtering enabled because I do have
established L2TP Tunnels between other ISA servers .. as far as locking
down to specific IP addresses, could you not create a custom packet
filter specifying addresses for TS services ?

                -----Original Message-----
                From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
                Sent: Wednesday, September 17, 2003 7:31 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: ISA server cannot connect to
Internet
                
                
                http://www.ISAserver.org
                
                
                Hi Glenn,
                 
                Terminal services, by default, listens on all
interfaces. If packet filtering is enabled, then the external interface
won't accept incoming RDP connection requests. However, if you publish
terminal services, then you need to configure the TS to listen only on
the internal interface. In that case, there is no mechanism that I'm
aware of that allows you to control what IP address can connect;
however, that's a none issue because you have to authenticate to
connect.
                 
                HTH,
                Tom

                Thomas W Shinder 
                www.isaserver.org/shinder 
                ISA Server and Beyond: http://tinyurl.com/1jq1 
                Configuring ISA Server: http://tinyurl.com/1llp 

Other related posts: