RE: terminal service client
- From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 10 Sep 2002 21:21:11 -0700
At 08:59 PM 9/10/2002, you wrote:
http://www.ISAserver.org
Good point. You could also if this is required for you to support from
home, you could follow a doc written by Steve at isaserver.org to publish
TS to a non-standard port.
Well, to be able to TS into BOTH the ISA box and Ex2k box, he will need to
change the port on one of them unless he does indeed VPN in, or has
multiple IP's he can server publish.
If he disables the TS binding to the external interface, leaving it enabled
on the internal interface, he can publish 3389 to his own internal
interface on one IP, and publish 3389 to the other IP (I actually have not
physically tested publishing to the internal interface, but it did let me
do it.)
He could also open 3389 directly to the ISA server, and publish an
alternate port to the internal Ex2k server. And as someone suggested, he
could VPN in, and then hit both internal interfaces.
So there are lots of choices. As far as the security risk, they are really
equal. The best thing, whether a VPN or published IP, is to limit what
remote IP can have access. That should about cover it.
--
AD
Other related posts: