Yes. I'd like access to any particular host upon establishing a VPN connection using the most secure method. I'm using static IP's on the external interface with one for web and one for mail and I could add one more for remote access. If I add another static IP to the external interface I'm assuming I type that to gain access to RDP. If this is correct how do I make it secure? Do or can I request a certificate for this IP? What about terminal services, do I still need to configure that port? I think I saw it written and diagramed where ISA - VPN - TS - LAN. Can you point me to a source, link or online doc explaining this? Thanks -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, May 07, 2004 12:33 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org You should always use static IPs on the ISA external interface whenever possible. Since Windows RDP is already encrypted, you really only add overhead with a VPN channel. If you want direct access to the internal hosts, use a VPN channel; if you only need console access, leave it to RDP. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Thu, 6 May 2004 17:45:03 -0400 "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Isn't all of this possible via a secured connection to the ISA/VPN server and then to terminal services? I too want to be able to access my internal network remotely and I'm hoping to do it this way instead of adding a ton of 3rd party apps to the server. Also is it also possible or wise to assign a static IP to the external interface of the ISA and connect to the ISA/VPN/TS server? Thanks ________________________________ From: Greg Mulholland [mailto:gregstelatel@xxxxxxxxxxx] Sent: Wednesday, May 05, 2004 8:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Joseph I winscp is my MVT (most valuable tool) atm, occassionally i have run a windows ssh server on my isa so i can use ssh from the outside. You can also port stuff over ssh which is lovely and secure, things like VNC and stuff. http://winscp.sourceforge.net/eng/ - winscp http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html -- putty ssh client http://www.bitvise.com/winsshd.html -- ssh server for windows Greg Mulholland Stelatel Communications Unit 3 641-643 Centre Rd Bentleigh East, VIC Phone: (03) 9576-5699 Fax: (03) 9576-5899 gregstelatel@xxxxxxxxxxx www.stelatel.com ________________________________ From: cismic [mailto:cismic@xxxxxxx] Sent: Thursday, 6 May 2004 9:09 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Hi Thomas, I guess I could use FTP to post the new pages. And then create a special *.aspx page that I can use to compile the new site pages. Isnt' SSH more for the unix world? I was just searching for a windows version of SSH. I find that back to back processes although more secure are a little harder to get working the way I want. Thank you, Joseph ----- Original Message ----- From: Thomas W Shinder <mailto:tshinder@xxxxxxxxxxx> To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx> Sent: Wednesday, May 05, 2004 3:59 PM Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Hi Joseph, How about FTP or SSH? I prefer not to run TS on a public access box, esp. one that allows anonymous public access. HTH, Tom ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marvc@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marvc@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')