How to publish VNC behind an ISA Server
By Greg Mulholland
VNC is one of the most popular remote control apps around. There have been some requests for information on how to allow remote users to access their own, or indeed other, machines remotely. VNC is a way to do this. I have based this article on the proviso that the internal VNC server we wish to publish is a SecureNAT client.
Publishing VNC to allow access to a computer behind the ISA is a straightforward process. By default VNC uses both TCP ports 5800 and 5900. TCP 5900 is used by the VNC client software, while TCP 5800 is used by the Java Web client.
Firstly, you must make sure VNC is installed and running on the computer you wish to access. VNC can be installed as a service if need be. Be sure that you have a strong password guarding your point of access. Remember also to enter the default settings as well as the user settings in the VNC app.
You will first need to create two protocol definitions. Call the first VNC1 and the second, strangely enough, VNC2. The definitions are for TCP ports 5800 and 5900 outbound respectively, as Figure 2 shows.
Secondly, you will need to create two server publishing rules. The Internal IP will be the computer that is running the VNC service and the External IP will be the external IP of the ISA box. The first publishing rule will be based on the VNC1 protocol definition and the second one will be based on the VNC2 definition.
Next we will create two server publishing rules, one for each of the definitions we created. The Internal IP address will of course be the IP of the computer you are trying to access, and the External IP is the external IP of the ISA, which goes without saying. This process is displayed in Figures 3 and 4.
So after we have created two publishing rules, we should have a snap-in that looks something like Figure 5:
From there we need an external client to test our connection. It is better if you can do this yourself or have a trusted user test the connection. Using the URL http://IPaddress:5800 we should reach the VNC authentication screen, which should look like Figure 6. Most administrators will prefer to give their users a proper web address rather than an IP. Of course this is possible, and it is actually the way I have configured this for this exercise. No special configuration was necessary, as long as somewhere there is a DNS server that can resolve your name for the client.
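The external test described above can also be scripted, so that each published port is checked for the service it is supposed to carry rather than just for being open. This is an added example, not part of the original article; the host name `vnc.example.com` is a placeholder, and the function names are this example's own.

```python
import socket

# Ports as given in the article; the host used in __main__ is a placeholder.
PUBLISHED = {"rfb": 5900, "http": 5800}

def classify(kind, data):
    """Map the first bytes read from a published port to a short verdict."""
    if not data:
        return "open-but-silent"
    if kind == "rfb":
        # An RFB (VNC) server speaks first with a 12-byte line, e.g. b"RFB 003.003\n".
        if len(data) >= 12 and data[:4] == b"RFB " and data[11:12] == b"\n":
            return "vnc " + data[4:11].decode("ascii", "replace")
        return "open-but-not-rfb"
    if data.startswith(b"HTTP/"):
        return "http " + data.splitlines()[0].decode("ascii", "replace")
    return "open-but-not-http"

def probe(host, port, kind, timeout=5.0):
    """Connect from outside the ISA server and report what answers on the port."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if kind == "http":
                s.sendall(b"GET / HTTP/1.0\r\n\r\n")  # ask for the Java viewer page
            while len(data) < 12:  # 12 bytes is enough for either check
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
    except socket.timeout:
        # Connect or read timed out: packets dropped, or the rule is not applied.
        return classify(kind, data) if data else "no-answer"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error " + exc.__class__.__name__
    return classify(kind, data)

if __name__ == "__main__":
    host = "vnc.example.com"  # placeholder: external name or IP of the ISA server
    for kind, port in PUBLISHED.items():
        print(port, probe(host, port, kind))
```

A `vnc` verdict on 5900 and an `http` verdict on 5800 mean both publishing rules reach the VNC machine; `no-answer` or `refused` on one port points at the protocol definition or rule for that port.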
Enter the correct password and you will be on your way to remote bliss, as shown below:
So that’s it, that’s all you need to do. Happy VNC’ing.
Revised 14th Jan 2003