Hi Marvin, All you need to do is create a Protocol Definition that is configured to allow inbound TCP 3389 and then create a Server Publishing Rule using that Protocol Definition. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Marvin Cummings [mailto:marvc@xxxxxxxxxxxxxxx] Sent: Friday, May 07, 2004 8:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Yes and that's what prompted me to ask this question. I think I saw two listed for publishing using the TS client on Windows 2000 and was wondering if there was something on publishing TS on Windows 2003 and the ISA server? So it would beL2TP/IPSec VPN client - ISA?VPN - TS - LAN I think! Thanks -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, May 07, 2004 1:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org RDP IS secure. Even the weakest encryption is better than 56 bits... Certificates are irrelevant to this question. What you "type to gain access" is dependent on the rules you configure at the ISA. Have you looked at the isaserver.org articles and KB articles for publishing TS on and behind ISA? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, May 06, 2004 22:20 Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Yes. I'd like access to any particular host upon establishing a VPN connection using the most secure method. I'm using static IP's on the external interface with one for web and one for mail and I could add one more for remote access. If I add another static IP to the external interface I'm assuming I type that to gain access to RDP. If this is correct how do I make it secure? Do or can I request a certificate for this IP? What about terminal services, do I still need to configure that port? I think I saw it written and diagramed where ISA - VPN - TS - LAN. Can you point me to a source, link or online doc explaining this? Thanks -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, May 07, 2004 12:33 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org You should always use static IPs on the ISA external interface whenever possible. Since Windows RDP is already encrypted, you really only add overhead with a VPN channel. If you want direct access to the internal hosts, use a VPN channel; if you only need console access, leave it to RDP. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Thu, 6 May 2004 17:45:03 -0400 "Marvin Cummings" <marvc@xxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Isn't all of this possible via a secured connection to the ISA/VPN server and then to terminal services? I too want to be able to access my internal network remotely and I'm hoping to do it this way instead of adding a ton of 3rd party apps to the server. Also is it also possible or wise to assign a static IP to the external interface of the ISA and connect to the ISA/VPN/TS server? Thanks ________________________________ From: Greg Mulholland [mailto:gregstelatel@xxxxxxxxxxx] Sent: Wednesday, May 05, 2004 8:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Joseph I winscp is my MVT (most valuable tool) atm, occassionally i have run a windows ssh server on my isa so i can use ssh from the outside. You can also port stuff over ssh which is lovely and secure, things like VNC and stuff. http://winscp.sourceforge.net/eng/ - winscp http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html -- putty ssh client http://www.bitvise.com/winsshd.html -- ssh server for windows Greg Mulholland Stelatel Communications Unit 3 641-643 Centre Rd Bentleigh East, VIC Phone: (03) 9576-5699 Fax: (03) 9576-5899 gregstelatel@xxxxxxxxxxx www.stelatel.com ________________________________ From: cismic [mailto:cismic@xxxxxxx] Sent: Thursday, 6 May 2004 9:09 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Hi Thomas, I guess I could use FTP to post the new pages. And then create a special *.aspx page that I can use to compile the new site pages. Isnt' SSH more for the unix world? I was just searching for a windows version of SSH. I find that back to back processes although more secure are a little harder to get working the way I want. Thank you, Joseph ----- Original Message ----- From: Thomas W Shinder <mailto:tshinder@xxxxxxxxxxx> To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx> Sent: Wednesday, May 05, 2004 3:59 PM Subject: [isalist] RE: Publishing terminal services behind ISA/VPN http://www.ISAserver.org Hi Joseph, How about FTP or SSH? I prefer not to run TS on a public access box, esp. one that allows anonymous public access. HTH, Tom ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marvc@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marvc@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: marvc@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')