Re: publishing Terminal Server

• From: <HCALM1@xxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 7 Dec 2001 10:44:25 -0500

Okay,

Let me get this right, cause unfortunately I'm at work and unable to test
any of this now. (By the way, I only have two servers :( - or I would move
the Domain Controller to something else, can I have exchange on the ISA
server?, anything at all?)

I nede to create a protocol definition for ISA. Let's say I publish an
internal app server (citrix/TS) to an outside IP address on the ISA server
(which is really only an internal IP from the router using NAT to get the
outside IP), will I still have to move the terminal server port? (I believe
that's done in the registry, but I've never been successful at it.). Do I
have to publish the app server to the outside? Which wizard do I use?

I've also considered using VPN connections, but I'm not sure how that works
with ISA. Do I have to setup RRAS for incoming connections? Can that be on
the ISA server?

-Andy






Thor@xxxxxxxxxxxxxxx on 12/07/2001 10:12:30 AM

Please respond to "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>

To:   "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
cc:

Subject:  [isalist] Re: publishing Terminal Server


http://www.ISAserver.org



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Yes- if you want to use ISA to publish an internal Terminal Server, ISA
can't be using 3389 itself.  So, you either have to disable terminal
services on the ISA server, or move the port that it is listening on if you
still want to TS into the ISA itself.  I don't have the Q article handy
right now (just blew out my workstation and am still loading stuff).

Of course, you could do it the opposite way- keep your ISA server (which is
your DC, right? Yikes!) listening on 3389, but change the port for your
internal box to something like 13389, and publish that guy.  You will have
to change the client to use 13389 of course.

The main point here is that if you are going to publish protocols that are
not default ISA protocol definitions, you have to create "user" protocol
definitions and then publish them.  Secondly, If the ISA server itself is
using the port for something, you can't server publish an internal server
on the same port- not when you have something like TS that binds to all
interfaces.  If you could somehow keep terminal services bound to a single
IP, you could do it using multiple IP's on the interface, but to my
knowledge, there is not a way to do that.   (Jim- any ideas?)

Does that make sense?

AD


At 06:55 AM 12/7/2001, you wrote:
>http://www.ISAserver.org
>
>
>
>you mean terminal services is disabled on the ISA server?
>
>
>
>
>
>
>Thor@xxxxxxxxxxxxxxx on 12/07/2001 09:37:22 AM
>
>Please respond to "[ISAserver.org Discussion List]"
<isalist@xxxxxxxxxxxxx>
>
>To:   "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>cc:
>
>Subject:  [isalist] Re: publishing Terminal Server
>
>
>http://www.ISAserver.org
>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>At 06:13 AM 12/7/2001, you wrote:
> >http://www.ISAserver.org
> >
> >
> >I tried to publish my domain controller (also my ISA server) to allow
> >access for incoming Terminal Service sessions. I also want to publish an
> >internal server that way. When I had to select the type of server
(default
> >was "Exchange RPC Server) there was nothing to specify RDP. How can I
>setup
> >my server to be accessed from the outside world through RDP?
>
>Create a protocol definition for TS (Inbound TCP 3389) first.  When you go
>to publish the server, you will see your 'user' definitions in the list as
>well.  Don't forget to verify that TS is disabled on the ISA server
itself.
>
>hth.
>AD
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 7.1
>
>iQA/AwUBPBDUIohsmyD15h5gEQILeQCdF+E2evPxYlVvjcTzoHfeYppitB4An0D4
>xF7LEABJzGSRppEMeFEseSm5
>=te3D
>-----END PGP SIGNATURE-----
>
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>hcalm1@xxxxxxxx
>To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
>
>
>
>
>
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>thor@xxxxxxxxxxxxxxx
>To unsubscribe send a blank email to $subst('Email.Unsub')

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPBDcXYhsmyD15h5gEQL6WwCeKac1R4CIgymeQzNhCyeFiWaIefsAn2bb
t88wM4JUwML3pQkMSuYiUZwX
=FRax
-----END PGP SIGNATURE-----

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
hcalm1@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » publishing Terminal Server
• » Re: publishing Terminal Server
• » Re: publishing Terminal Server
• » Re: publishing Terminal Server
• » Re: publishing Terminal Server
• » Re: publishing Terminal Server
• » Re: publishing Terminal Server

1. Home
2. isalist
3. Archive
4. 12-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---