To be specific, one can indeed use SSL for RDP connections. Win2k3 allows
specifying certificate-based TLS authentication at the server by installing
a valid cert, specifying SSL as the security layer, and then choosing what
encryption level you want, all the way to 140 bit FIPS as described in
KB895433. But this, as you pointed out, has nothing to do with ISA other
than publishing RDP.
t
http://www.ISAserver.org
Hi Raji,
There's nothing on the site for that specific scenario for ISA Server 2004 at this time, but if you are interested in the certificate deployment, you can use any of the OWA or SSL publishing articles. I was trying to think of what to write tonight and I was going to do something on SSL (secure) publishing, so maybe I can't wrap this scenario into the article.
Keep in mind that the RDP connection isn't an SSL connection. That is to say, this is not an RDP/HTTP scenario. The SSL connection is only to the log on page, but the RDP connection is RDP from end to end.
HTH, Tom
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: Raji Arulambalam [mailto:RajiA@xxxxxxxxxxxxxx] Sent: Monday, November 21, 2005 3:24 PM To: [ISAserver.org Discussion List] Subject: [isalist] Securing Remote access for RDP (Terminal Services)
http://www.ISAserver.org
Hi
My management wants me to secure remote access from the Internet to our published Terminal Server by using server certificates. We use both the TSAC web client and the RDP client on XP machines to connect. All this through ISA server 2000. This was setup following Tom's article back in 2001.
Any help on how to configure certificates to work with ISA server? Or where to look.
Thanks
Email disclaimer: This email and any attachments are confidential. If you are not the intended recipient, do not copy, disclose or use the contents in any way. If you receive this message in error, please let us know by return email and then destroy the message. Environment Bay of Plenty is not responsible for any changes made to this message and/or any attachments after sending. ****************************************************** This e-mail has been checked for viruses and no viruses were detected.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx