How to Set Up RDP to an External IP

Remote Desktop Protocol or RDP has become an essential tool in many offices. This article will show you how to set up an external IP to point directly to an RDP session. There are many reasons why this is beneficial but perhaps the top reason is convenience -- you no longer need to VPN into your home office before logging into the RDP session.

Security
Before I begin, let me cover some points on security. Anytime you connect to a network, a hole is made in your security. The traditional method of Remote Desktop Protocol involves punching two holes in your security: One is for connecting to your network via VPN, the second is connecting to the computer via IP or DNS name.

The method I describe in this article allows you to bypass the VPN and connect directly to the computer. If you want to add another layer of security, you should avoid using the traditional port of 3389. Letting the router redirect the traffic, using a custom port, and requiring a username and password makes this method of connecting to a machine in your office as secure as possible.

In this example, I am running Server 2003 and using a Netgear Firewall.

What will be covered in this article:

Setting a static IP
Set the Firewall info

STEP ONE - Set a Static IP on the Machine

There are several ways to set a static IP. This article assumes a machine on a network with a domain controller and a DHCP server.

First, determine what IP the machine has been assigned by the DHCP server. Do this by opening a DOS window and typing
    IPCONFIG
You can see that my machine has been assigned an internal IP of 10.0.10.115 by the DHCP server.
Now log into the server that has DHCP on it.
Go to Start -> Administrative Tools -> DHCP
Expand the Server and the Scope.
Click on the Address Leases and find your IP, in this example, my IP of 10.0.10.115
Jot down the Unique ID. This will be used in a later step.

Next, click on the Reservations.
In the right-hand panel, right-click and select New Reservation.
Enter in the information.
Plug in the IP you want to be static. This is not necessarily the same IP that you saw in step one. Usually, you will want to reserve an address that is not in the Address Pool; however, this is up to you and your office policy. For this example, I am going to keep the 10.0.10.115 address and assign it to this machine.
Enter the MAC address that you jotted down earlier. This was the Unique ID found in the DHCP Address Lease.
Click Add.
Now, this machine will always be given the IP assigned to it. DHCP will not assign this IP unless the MAC address matches so you do not have to worry about someone else getting your IP.


STEP TWO - Set the Firewall

Log into the Firewall.
Go to Security.
Go to Firewall.
Go to LAN WAN Rules.
Go down to the Inbound Services.

You will need to know your IP address that has been given to you by your Internet Provider (called your external IP).
For this example, I will use 113.113.113.13 (Note: This is not an actual IP; I am only using it as an example).

In the Inbound Services, click Add
Configure the new Inbound Service as follows:
Service = RDP
Action = Allow Always
Send to LAN Server = 10.0.10.115 (This is the IP of the machine you configured above)
WAN Destination IP = 113.113.113.13 (This is the external IP)
WAN User = Any

Click Apply.

Now when you RDP, use the external address. No need to VPN in first.
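
An added example, not part of the original article and not Netgear tooling: a small Python audit of inbound rules written with the same fields as Step Two. It flags a forward left on port 3389, one open to any WAN source, and one aimed at an address that lacks the DHCP reservation from Step One. The `port` field, the dict layout, the finding names, the MAC address, the 256-address threshold and the second and third rules are assumptions made for the illustration.

```python
import ipaddress

DEFAULT_RDP_PORT = 3389

# Constructed sample data, using the example addresses from this article.
RESERVATIONS = {"10.0.10.115": "00-11-22-33-44-55"}  # IP -> MAC (MAC is made up)
RULES = [
    # The rule as configured in Step Two (Service = RDP means TCP 3389).
    {"service": "RDP", "port": 3389, "action": "Allow Always",
     "lan_server": "10.0.10.115", "wan_dest": "113.113.113.13", "wan_user": "Any"},
    # Hypothetical variants: a custom port with a restricted source range, and
    # a forward to an address that has no DHCP reservation.
    {"service": "RDP-custom", "port": 50123, "action": "Allow Always",
     "lan_server": "10.0.10.115", "wan_dest": "113.113.113.13",
     "wan_user": "198.51.100.0/29"},
    {"service": "RDP", "port": 3389, "action": "Allow Always",
     "lan_server": "10.0.10.140", "wan_dest": "113.113.113.13", "wan_user": "Any"},
]


def audit_rule(rule, reservations):
    """Return a list of finding codes for one inbound rule."""
    if not rule["action"].lower().startswith("allow"):
        return []  # a blocking rule exposes nothing
    findings = []
    # Parse both addresses first: a mistyped address raises ValueError here.
    lan = ipaddress.ip_address(rule["lan_server"])
    ipaddress.ip_address(rule["wan_dest"])
    if str(lan) not in reservations:
        findings.append("TARGET_NOT_RESERVED")  # lease may move to another host
    if rule["port"] == DEFAULT_RDP_PORT:
        findings.append("DEFAULT_PORT_3389")
    if rule["wan_user"].strip().lower() == "any":
        findings.append("SOURCE_ANY")
    else:
        net = ipaddress.ip_network(rule["wan_user"], strict=False)
        if net.num_addresses > 256:  # arbitrary threshold for "too wide"
            findings.append("SOURCE_RANGE_WIDE")
    return findings


def audit(rules, reservations):
    """Map each rule's index to its findings."""
    return {i: audit_rule(r, reservations) for i, r in enumerate(rules)}


if __name__ == "__main__":
    for idx, found in audit(RULES, RESERVATIONS).items():
        print(idx, RULES[idx]["service"], found or "ok")
```
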

Author Comment

by:Coralie Crumrine
DanRollins,

I have attached my images in a zip file as requested.
Thank you for your suggestion about security. I have added a paragraph at the beginning of the article covering security.

Please let me know if there are any other areas that I need to add.

Thank you!

Expert Comment

by:Tony J
I have some additional comments with regards to security - if you must use this method (I prefer an RD Web Gateway as it can encapsulate RDP into HTTPS and is end-to-end encrypted) then:

Rename and disable your local domain administrator account. Log on with non privileged accounts;

Use complex passwords - as complex as possible, even to the point of requiring a password safe;

Don't do this on a domain controller - if the administrator account is compromised, it's just compromised the entire network;

Enable firewalls and lock down unnecessary ports. Disable echo (ping) in both directions;

Disable any unnecessary services - many open up listener ports without you being aware;

Ensure that all AV and AntiMalware is bang up to date. Same with OS and particularly application patches;

Don't install anything unnecessary on the server - Flash, Java etc are all huge attack vectors. Use the RDP server as a jump box into other parts of the network. For example, you could literally close off all ports other than RDP via firewalls and then only use the connected server to RDP into others;

I also tend to disable DNS and use IP addresses. It's one less route into the network;

If at all possible, don't join it to the domain. Again this works if you're using it as a jump-off RDP server. Don't save credentials.