I worked with ISA Server 2006 again this week and took notes on a few configuration fixes that may help someone else. This is older technology, so treat this as an archive/reference post rather than current best-practice guidance.
Enable RDP Access to ISA Server
To allow Remote Desktop access to the ISA server:
- Open Administrative Tools.
- Go to Terminal Services Configuration.
- Open RDP-Tcp.
- Set RDP to listen only on the internal NIC.
- In ISA Management, enable the built-in System Rule that allows RDP.
- Add your admin machine’s IP address to the Remote Management Computers computer set.
You can find that computer set in the Toolbox under Firewall Policy.
Allow Browsing and CIFS Connections from ISA
The default system rule allows file connections from ISA to Internal, but it does not fully allow network browsing back to ISA.
To fix that, create a rule allowing the required NetBIOS traffic from:
Internal → Localhost
The default rule usually only covers:
Localhost → Internal
Allow Internal DNS Servers to Forward Externally
If Active Directory DNS uses forwarders, create a rule that allows your internal DNS servers to reach external DNS forwarders.
Rule direction:
Internal DNS Servers → External
Allow External Time Sync
If your primary Active Directory server needs external time, create an NTP rule.
Rule direction:
Primary AD Server or Internal → External
Allow Ping from Internal Network to Internet
If users or admins need to ping external systems, create a rule for ICMP/Ping.
Rule direction:
Internal → External
Allow VNC “Add Client” for Remote Support
For VNC reverse connections, create a rule for port 5500.
Rule direction:
Internal → External
Protocol:
VNC / TCP 5500
Use Monitoring to Build the Right Rules
When something does not work, do not guess. Use ISA monitoring.
Add the client IP address of the test machine, then watch the connection attempts in real time. The monitoring logs usually show exactly which protocol, port, source, and destination need a rule.
That is often the fastest way to troubleshoot ISA firewall policy problems.
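One way to turn those monitoring entries into candidate rules, shown as an added example that is not part of the original post and is not ISA's own tooling. The tab-separated layout, column names, function names and IP addresses are all assumptions constructed for illustration. It keeps only denied connections from the test client and groups them by rule direction, protocol and port:

```python
import csv
import io
from collections import Counter

# Informal labels for the ports behind the rules discussed in this post.
PORT_HINTS = {53: "DNS", 123: "NTP", 137: "NetBIOS name service",
              138: "NetBIOS datagram", 139: "NetBIOS session",
              445: "CIFS", 5500: "VNC reverse connection"}

# Constructed sample rows. The tab-separated layout and column names are
# assumptions for this example, not ISA Server's own log export format.
SAMPLE_LOG = "\n".join([
    "client_ip\tdest_ip\tdest_port\tprotocol\taction\tsrc_net\tdst_net",
    "192.168.1.50\t203.0.113.10\t5500\tTCP\tDenied\tInternal\tExternal",
    "192.168.1.50\t203.0.113.10\t5500\tTCP\tDenied\tInternal\tExternal",
    "192.168.1.10\t198.51.100.53\t53\tUDP\tDenied\tInternal\tExternal",
    "192.168.1.10\t198.51.100.123\t123\tUDP\tDenied\tInternal\tExternal",
    "192.168.1.50\t192.168.1.1\t137\tUDP\tDenied\tInternal\tLocalhost",
    "192.168.1.50\t203.0.113.20\t80\tTCP\tAllowed\tInternal\tExternal",
    "192.168.1.77\t203.0.113.10\t5500\tTCP\tDenied\tInternal\tExternal",
])

def denied_flows(log_text, client_ip):
    """Count denied connections from one test client, grouped by rule shape."""
    flows = Counter()
    for row in csv.DictReader(io.StringIO(log_text), delimiter="\t"):
        if row["client_ip"] != client_ip or row["action"].lower() != "denied":
            continue  # ignore other clients and traffic that already works
        key = (row["src_net"], row["dst_net"], row["protocol"], int(row["dest_port"]))
        flows[key] += 1
    return flows

def candidate_rules(flows):
    """Render each denied flow as a direction/protocol line for human review."""
    lines = []
    ordered = sorted(flows.items(), key=lambda kv: (-kv[1], kv[0]))
    for (src, dst, proto, port), hits in ordered:
        hint = PORT_HINTS.get(port, "unrecognized port, verify before allowing")
        lines.append(f"{src} -> {dst}  {proto} {port} ({hint}), denied {hits}x")
    return lines

if __name__ == "__main__":
    for line in candidate_rules(denied_flows(SAMPLE_LOG, "192.168.1.50")):
        print(line)
```

The output is a review list, not a rule set: each line still needs a decision about whether that traffic should be allowed at all and how narrowly to scope the source and destination.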