Will do that for you tomorrow morning (the logs) - The last time I checked the RDP packets were just getting dropped. (I don't recall any more specific information from that). The IP ranges - Sonicwall 212.219.123.7 WAN interface. Going to ISA 2004 on 212.219.123.4 (Both class C's) (and also various other IP address' for the published webservers and also Remote Desktop machines) Then going to a 10.10.0.2 on the internal (on a class B subnet) Various machines being on 10.10.1.x I've published the machines to specific 212.219.123.x IP's (we have a full class C for our disposal). Nothing fruity with the ports as of yet! Just standard 3389. Anything else? Or more specifics?? Cheers Jules (BTW - Is every one else getting 2 copies of every email?) -----Original Message----- From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx] Sent: 08 August 2005 22:41 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Sonicwall Pro 3060 / ISA 2004 / Remote Desktop Query http://www.ISAserver.org So if you run the logs on the sonicwall and on the ISA server, can you see where the incoming rdp connection breaks. Van we have a breakdown of the ip ranges on the sonicwall and isa interfaces.. -----Original Message----- From: Julian Wilkinson [mailto:jules@xxxxxxxxxxxxxx] Sent: Tuesday, August 09, 2005 3:54 AM To: [ISAserver.org Discussion List] Subject: [isalist] Sonicwall Pro 3060 / ISA 2004 / Remote Desktop Query http://www.ISAserver.org Hello, I've just been tasked with setting up my works firewall setup... However, all is going mostly swimmingly - But I've hit a stumbling block. We have a requirement for Remote Desktop access for some users from the outside in - and I can't get it to bridge across the two firewalls. The setup is that the Sonicwall is on the outside edge, and the ISA server plugged into the WAN port of the Sonicwall. ISA is doing some access rules, website publishing and proxying, the Sonicwall content filtering and provision of a DMZ (and usual edge firewall duties). I can't seem to get the Remote Desktop connection to bridge over the two servers. I can get Remote Desktop in "over the edge" or through ISA server publishing, but I can't get a connection from the outside to jump both hurdles. Has anyone done this? Can this be done? I know there is a connection being made as I get a connection error of "The Client could not establish a connection to the remote computer The most likely causes for this error are : 1) Remote connections might not be enabled at the remote computer (They are - I've tested it from the "space between" the Sonicwall and ISA) 2) The maximum number of connections was exceeded at the remote computer (not true) 3) A network error occurred while establishing the connection" (True - At a guess!) The interesting side effect of this is that I have to soft restart the sonicwall after this before it will then accept further Remote Desktop connections even to the perimeter. So - Anything I am doing wrong? Anything I am missing? (And I'll get on to my issue of Exchange front end / back ends and the same setup later, but I'm getting in the ear / neck too much with this problem first!) Help! Cheers Jules W. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jules@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx