To setup a firewall rule to enable access through ISA to internal servers, you need to map different external ports to the interal port 3389.
In this example an internal system is on 192.168.10, and you want to RDP on port 3390 to this server.
Right-click firewall policy and select new – server publishing rule
Give it a name (rdp-inbound-3390)
Enter the internal ip address of 192.168.1.10
On selected protocol, select new
Call it rdp-3390
Set direction to inbound and put port 3390 start and 3390 finish
Click ok and next
We do not want secondary connections so click next and finish.
Now click on ports
On the second section down (published server ports)
Click send requests to this port and put in 3389
Click on and next
Select the external interface
Select next and finish
Apply the policy
Not there needs to be a Network rule for NAT to allow the internal server to access the external addresses.