How to Setup a RDP to an External IP

Published on
18,997 Points
1 Endorsement
Last Modified:
Community Pick
Remote Desktop Protocol or RDP has become an essential tool in many offices. This article will show you how to set up an external IP to point directly to an RDP session. There are many reasons why this is beneficial but perhaps the top reason is convenience -- you no longer need to VPN into your home office before logging into the RDP session.

Before I begin, let me cover some points on security. Anytime you connect to a network, a hole is made in your security. The traditional method of Remote Desktop Protocol involves punching two holes in your security: One is for connecting to your network via VPN, the second is connecting to the computer via IP or DNS name.

The method I describe in this article allows you to bypass the VPN and connect directly to the computer.   If you want to add another layer of security, you should avoid  using the traditional port of 3389.  Letting the router redirect the traffic, using a custom port, and requiring a username and password makes this method of connecting to a machine in your office as secure as possible.
In this example, I am running Server 2003 and using a Netgear Firewall.

What will be covered in this article:

Setting a static IP
Set the Firewall info

STEP ONE - Set a Static IP on the Machine

There are several ways to set a static IP. This article assumes a machine on a network with a domain controller and a DHCP server.

First, determine what IP the machine has been assigned by the DHCP server. Do this by opening a DOS window and typing
You can see that my machine has been assigned an internal IP of by the DHCP server.
IPCONFIGNow log into the server that has DHCP on it.
Go to Start -> Administrative Tools -> DHCP
Starting the DHCP toolExpand the Server and the Scope.
Click on the Address Leases and find your IP, in this example, my IP of
DHCP Address LeaseJot down the Unique ID. This will be used in a later step.

Next, click on the Reservations.
In the right hand panel, right click and select New Reservation
Reserve an addressEnter in the information.
Plug in the IP you want to be static. This is not necessarily the same IP that you saw in step one. Usually, you will want to reserve an address that is not in the Address Pool, however this is up to you and your office policy. For this example, I am going to keep the address and assign it to this machine.
Reservation settingsEnter the MAC address that you jotted down earlier. This was the Unique ID found in the DHCP Address Lease.
Click Add.
Now, this machine will always be given the IP assigned to it. DHCP will not assign this IP unless the MAC address matches so you do not have to worry about someone else getting your IP.

STEP TWO - Set the Firewall

Log into the Firewall.
Go to Security.
Go to Firewall.
Go to LAN WAN Rules.
Firewall rules
Go down to the Inbound Services.

You will need to know your IP address that has been given to you by your Internet Provider (called your external IP).
For this example, I will use  (Note:  This is not an actual IP;  I am only using it as an example).

In the Inbound Services, click Add
Add a rule
Inbound service settingsConfigure the new Inbound Service as follows:
Service = RDP
Action = Allow Always
Send to LAN Server =  (This is the IP of the machine you configured above)
WAN Destination IP = (This is the external IP)
WAN User = Any

Click Apply.

Now when you RDP, use the external address. No need to VPN in first.
Connect directly to the IP
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free