RE: Publishing terminal services behind ISA/VPN

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sat, 8 May 2004 10:13:20 -0500

Hi Marvin,

All you need to do is create a Protocol Definition that is configured to
allow inbound TCP 3389 and then create a Server Publishing Rule using
that Protocol Definition.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxxxx] 
Sent: Friday, May 07, 2004 8:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN


http://www.ISAserver.org

Yes and that's what prompted me to ask this question. I think I saw two
listed for publishing using the TS client on Windows 2000 and was
wondering if there was something on publishing TS on Windows 2003 and
the ISA server? So it would beL2TP/IPSec VPN client - ISA?VPN - TS - LAN
I think!

Thanks

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Friday, May 07, 2004 1:56 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN

http://www.ISAserver.org

RDP IS secure.
Even the weakest encryption is better than 56 bits...
Certificates are irrelevant to this question.
What you "type to gain access" is dependent on the rules you configure
at the ISA.

Have you looked at the isaserver.org articles and KB articles for
publishing TS on and behind ISA?

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, May 06, 2004 22:20
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN


http://www.ISAserver.org

Yes. I'd like access to any particular host upon establishing a VPN
connection using the most secure method. I'm using static IP's on the
external interface with one for web and one for mail and I could add one
more for remote access.
If I add another static IP to the external interface I'm assuming I type
that to gain access to RDP. If this is correct how do I make it secure?
Do or can I request a certificate for this IP? What about terminal
services, do I still need to configure that port? I think I saw it
written and diagramed where ISA - VPN - TS - LAN. Can you point me to a
source, link or online doc explaining this? 

Thanks

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Friday, May 07, 2004 12:33 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN

http://www.ISAserver.org

You should always use static IPs on the ISA external interface whenever
possible.
Since Windows RDP is already encrypted, you really only add overhead
with a VPN channel.

If you want direct access to the internal hosts, use a VPN channel; if
you only need console access, leave it to RDP.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Thu, 6 May 2004 17:45:03 -0400
 "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Isn't all of this possible via a secured connection to the ISA/VPN
server and then to terminal services? I too want to be able to access my
internal network remotely and I'm hoping to do it this way instead of
adding a ton of 3rd party apps to the server. 

Also is it also possible or wise to assign a static IP to the external
interface of the ISA and connect to the ISA/VPN/TS server?

 

Thanks 

 

________________________________

From: Greg Mulholland [mailto:gregstelatel@xxxxxxxxxxx] 
Sent: Wednesday, May 05, 2004 8:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN

 

http://www.ISAserver.org

 

Joseph

 

I winscp is my MVT (most valuable tool) atm, occassionally i have run a
windows ssh server on my isa so i can use ssh from the outside. You can
also port stuff over ssh which is lovely and secure, things like VNC and
stuff.

 

http://winscp.sourceforge.net/eng/ - winscp 

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html -- putty
ssh client

http://www.bitvise.com/winsshd.html -- ssh server for windows

 

Greg Mulholland
Stelatel Communications
Unit 3 641-643 Centre Rd
Bentleigh East, VIC
Phone: (03) 9576-5699
Fax:   (03) 9576-5899
gregstelatel@xxxxxxxxxxx
www.stelatel.com

  

 

 

________________________________

From: cismic [mailto:cismic@xxxxxxx] 
Sent: Thursday, 6 May 2004 9:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing terminal services behind ISA/VPN

http://www.ISAserver.org

Hi Thomas,

I guess I could use FTP to post the new pages. And then create a special
*.aspx page that I can use to compile the new site pages.  Isnt' SSH
more for the unix world?  I was just searching for a windows version of
SSH.

I find that back to back processes although more secure are a little
harder to get working the way I want.

 

Thank you,

Joseph

----- Original Message ----- 

From: Thomas W Shinder <mailto:tshinder@xxxxxxxxxxx>  

To: [ISAserver.org Discussion List]
<mailto:isalist@xxxxxxxxxxxxx>  

Sent: Wednesday, May 05, 2004 3:59 PM

Subject: [isalist] RE: Publishing terminal services behind
ISA/VPN



http://www.ISAserver.org

Hi Joseph,



How about FTP or SSH? I prefer not to run TS on a public access
box, esp. one that allows anonymous public access.



HTH,

Tom

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
marvc@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
marvc@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
marvc@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Publishing terminal services behind ISA/VPN
• » Re: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN
• » RE: Publishing terminal services behind ISA/VPN

1. Home
2. isalist
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---