Has anyone been able to successfully use Application Server through VPN using Microsoft ISA Server. I have switched to use Port 90 for all Application Server communication and ISA still will not allow VPN connectivity with the 2X Client. VPN Users have full access to the entire IP subnet and can ping and connect to Application Server (Terminal Server) directly via RDP. Internal users are having no problems suing the 2X client. Any help would surely be appriciated as many of my clients are using ISA Server. Thanks!!
Hi.. 2X Client by default try to connect over port 80, so if you configured the Application Server to listen on port 90 clients must connect over port 90 too. Also make sure that port 90 is open from the ISA. This must be some configuration issue. Is the ISA trying to decode the protocol over this port? As this needs to be switched off, since ISA is not capable to understand 2X Protocols. Nixu
First, clients are working great, and are all configured using port 90. VPN connected users, connecting through ISA server are the only ones with connectivity issues. Second, all ports are open to ISA VPN users, as they are securely connected to the internal lan. As I stated, they can connected to any resource available, including the Terminal Server over RDP. The issue comes into place seemingly because of the way Application Server forms it packets. ISA Server has Intrusion Detection / Packet Filtering built in. Even with Application Server running on port 90, ISA Server detecs this traffic as HTTP formed packets, and over the VPN, the IDS system blocks this traffic. Even with ISA disabled, being the ISA uses a kernel mode driver for packet detection, 2X is still blocked. My questions is, has anybody with a strong ISA Server background, found a configuration and/or workaround for using 2X open VPN with ISA. Thanks!
Im no expert in this area or ISA but.. Im no expert in this area or ISA but..Often when the client is on the LAN (and your VPN will probably look like this to the client) then the client usually tries to use a direct connection to the terminal server agent. So you will either have to open the 2X TS agent port on the VPN/ISA or change the cleint config to use the gateway mode rather than direct. I hope that helps.
