October 20th, 2004, 09:33 PM
Blocking Remote Desktop with ISA
Hello, I am taking a Network services and security class. We are trying to get ISA to block incoming WAN RDCs while allowing local RDCs. We've tried creating different protocol rules. Our WAN address set is 192.168.213.#/24; these are the ones that are to be blocked. Our LAN set is 192.168.14.#, which are to be allowed.
October 20th, 2004, 10:32 PM
Has your PC been moved to SP2? You could create a rule in your Active Directory that allows RDC only from your local subnet.
October 20th, 2004, 11:42 PM
You didn't say what you tried to block specifically.
Why not just block port 3389 on the external/WAN interface coming in?
October 21st, 2004, 12:58 AM
Sorry about the lack of info.
My server is running Win2k w/Service Pack 4 on it and my laptop is running WinXP Pro SP1. We have blocked port 3389 both incoming and outgoing; neither of them seems to work. We have not as of yet installed AD onto our machines; we are to work things out without it. We don't deal with AD at any point during this semester. I set up a policy with ISA to block all incoming requests from IP addresses 192.168.213.1 to 192.168.213.254, 192.168.213.14 being the exception to the rule. That should have blocked off all outside RDC requests. My neighbor could still access my server with RDC, by using his laptop connected to his server.
October 21st, 2004, 03:03 PM
Install SP2 and run this attached reg file. I'll configure the firewall on all machines. (You'll need to install SP2 someday and it's pretty good.)
Create a batch file like this one:
regedit /S "X:FullFirewallStandard.reg"
"x:\Sp2\i386\Update\Update.exe" /passive /forcerestart /f
Where X is the location where you extract SP2.
To extract SP2, check my tutorial: How to integrate and deploy Service Pack 2 for Windows XP