ip redirection

[Guest]

Scenario: our partner company is allowing us access to one of their
application via Terminal server, to make it more secure they allowing
external access to the TS server only if traffic request is originated from
our IP range… so we created link on our Intranet to tsweb (our internal
server) page which then takes internal users to Remote Desktop Web Connection
screen and that’s how they get connected to our partner comp. Terminal
Server, now here is my question: we have large number of telecommuters,
remote employees which need to have an access to this application as well via
TS client, this could be accomplished by giving all external users vpn access
to our network but that’s a policy issue here, not all have or should have
such access we tried the following:
1. created firewall rule to allow access to tsweb page from external
2. and then redirect and connect to TS at partner site
but it did not work as it obviously shows client IP as originator not ours..
so my real question is there a way to “fake†it or redirect in any way so if
external client get to our tsweb and then type IP or name of the other TS
server it will shows IP from our range?

TX

 

[Guest]

Try NATing in ur Firewall to translate ur External ips to the intranet ip.

 

[Phillip Windell]

1. created firewall rule to allow access to tsweb page from external
2. and then redirect and connect to TS at partner site
but it did not work as it obviously shows client IP as originator not ours..
so my real question is there a way to "fake" it or redirect in any way so if
external client get to our tsweb and then type IP or name of the other TS
server it will shows IP from our range?

No,..none of that will work. You need VPN.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

 

[Guest]

tried already does not work, but thanks

Try NATing in ur Firewall to translate ur External ips to the intranet ip.

 

[Guest]

like I said vpn is not an option for all external users, does this mean there
isn't other way this could be done?

1. created firewall rule to allow access to tsweb page from external
2. and then redirect and connect to TS at partner site
but it did not work as it obviously shows client IP as originator not ours..
so my real question is there a way to "fake" it or redirect in any way so if
external client get to our tsweb and then type IP or name of the other TS
server it will shows IP from our range?

No,..none of that will work. You need VPN.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

 

[Phillip Windell]

None that I am aware of.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

like I said vpn is not an option for all external users, does this mean there
isn't other way this could be done?

1. created firewall rule to allow access to tsweb page from external
2. and then redirect and connect to TS at partner site
but it did not work as it obviously shows client IP as originator not ours..
so my real question is there a way to "fake" it or redirect in any way

so
if

external client get to our tsweb and then type IP or name of the other TS
server it will shows IP from our range?

No,..none of that will work. You need VPN.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp