There is a brief discussion at the end of this article on how to publish Terminal Servers if you have only one external IP address available. However, you will be unable to use the Web-based Terminal Services Advanced Client (TSAC) in this situation.
There may be other options to give users access to the Terminal Server on the private Local Access Network (LAN) that are not discussed in this article, but that should be considered. These include Remote Access Service (RAS) and Virtual Private Network (VPN) connections to the private network.
This will cause any request for a Terminal Server that hits the external interface of the ISA server to be answered by the Terminal Services running on the ISA server.
In order to Server Publish a Windows 2000 Terminal Server on a private Intranet to the Internet via Internet Security and Acceleration Server (ISA) where the ISA server is also running Terminal Server, perform the following steps.
Step One: Create a Protocol DefinitionTo create a protocol definition, perform the following steps.
- Click Start, point to Programs, click Microsoft ISA Server, and then click to open the ISA Management MMC.
- Click to expand Servers and Arrays, click to expand your array, and then expand Policy Elements.
- Right click Protocol Definitions, click New, and then click Definition.
- Give this definition a name, for example, "Inbound Terminal Server", and then click Next.
- In the Port field, type 3389, in Protocol type, click to select TCP, in the Direction field, click to select Inbound, and then click Next.
- Under Secondary Connections, click No, click Next, and then click Finish.
Step Two: Publish the Terminal ServerTo publish the Terminal Server, perform the following steps.
- In the ISA Management console, click Publishing, right click Server Publishing Rules, and then click New Rule.
- Give this rule a name, for example, "Inbound Terminal Server publishing", and then click Next.
- In the IP address of internal server field, enter the IP address of the internal server. If you want this rule to enable Terminal Server Access to the ISA server, type its Internal IP address. If this is for another computer behind the ISA server on the LAN, type that computer's IP address.
- In the External IP address on ISA Server field, type the external IP address on the ISA server that this publishing rule will use, and then click Next.
- Under Protocol Settings, in the Apply the rule to this protocol field, click to Inbound Terminal Server protocol definition you created earlier, and then click Next.
- Click the Client Type this request should apply to (for example, Any Request), click Next, and then click Finish.
- Repeat this step for each internal server you wish to publish, using a unique internal and external IP address for each rule.
- If the Terminal Server is on the same segment as the internal interface of the ISA server, then the default gateway on the Terminal Server must point to the internal interface of the ISA server. If the Terminal Server is on a remote segment from the internal interface of the ISA server, then the ISA server must be an edge router to the Internet. If the ISA server is not an edge router (i.e. all traffic to the Internet flows through ISA server), then you will need to add specific routes to the routers so that the Terminal Server can route packets back to the ISA Server and on to the Internet.
Step Three: Bind Terminal Services on the ISA Server to the Internal Adapter on the ServerTo bind Terminal Services on the ISA Server to the internal adapter on the server, perform the following steps:
- Click Start, point to Programs, click Administrative Tools, and then click Terminal Services Configuration.
- Click the Connections folder, and then click the RDP-TCP connection.
- Right click this connection and click Properties.
- Click the Network Adapter tab and click to select the Internal network adapter in the Network Adapter check box.
- By default, Terminal Services binds to All network adapters configured with this protocol. Therefore, you will need to set it specifically to the internal adapter.
- You may have to restart the server before the Terminal Services binding changes take effect.
- If you have only one IP address available on the external Interface of the ISA server, you can still access multiple Terminal Servers on your LAN using the Terminal Services Client (but not the TSAC). You will need to change the port the Terminal Server listens on, then create Protocol Rules and Publishing Rules for that server on that port.
where ServerName is the NetBIOS name of your Web server.
ID do Artigo: 294720 - Última Revisão: 30 de out de 2006 - Revisão: 1