RE: ISA server cannot connect to Internet
- From: Glenn Maks <gmaks@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 18 Sep 2003 14:10:06 -0400
Thank you Tom,
I stand corrected or at least over looked the Packet Filtering, the
reason why TS was not responding on my Public Interface because I did in
fact have Packet Filtering enabled because I do have established L2TP
Tunnels between other ISA servers .. as far as locking down to specific IP
addresses, could you not create a custom packet filter specifying addresses
for TS services ?
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, September 17, 2003 7:31 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA server cannot connect to Internet
http://www.ISAserver.org
Hi Glenn,
Terminal services, by default, listens on all interfaces. If packet
filtering is enabled, then the external interface won't accept incoming RDP
connection requests. However, if you publish terminal services, then you
need to configure the TS to listen only on the internal interface. In that
case, there is no mechanism that I'm aware of that allows you to control
what IP address can connect; however, that's a none issue because you have
to authenticate to connect.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1>
Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp>
-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
Sent: Wednesday, September 17, 2003 7:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA server cannot connect to Internet
http://www.ISAserver.org
I would not be so quick to bash Terminal Services in Administration mode on
a Microsoft ISA server, as a matter of fact Microsoft suggests this as a
means for remote administration of the ISA server if your ISA server is
installed as a stand a lone server outside of a Active Directory Domain. To
put your worries to rest, Terminal Services
installed on a ISA Server will answer only from a Internal Interface, NOT
the public interface, in addition, there are ways to allow and deny by
specific IP addresses, which will further secure attempted access if people
discover that Terminal Services are running. Speaking for myself I know I
would NOT want to drive into work at 1:00 AM if I got a service call and had
to look at the ISA server to resolve the problem ... think about it.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
