Solved

IPSec Win2K server with VPN Terminal services

Posted on 2003-11-01
602 Views
Last Modified: 2011-09-20
I am preparing a server for co-location. It is a Win2k server with SQL 2000. All service packs are installed.

What I would like to do is use TS (Admin Mode) through a VPN connection ONLY and block it to the outside world. VPN & RDP are working now, but the port is open. I have tried to block the port, but even with a VPN connection it will not allow an RDP connection if the port is "blocked".

I have taken a lot of security steps (MS Baseline Security & SQL C2) to try to enhance security. This is a stand-alone server.

There is one network card installed and I have an IPSEC policy to allow 80,443,20/21 in and out. I have blocked all other traffic.
I have tried applying a Permit action to "remote" connections.

The answer should contain steps to allow a Terminal Services RDP connection via VPN while blocking port 3389 to external traffic.

Thank you.
Question by: lrr81765

1 Comment
Accepted Solution by: Kokoglen (LVL 4, earned 500 total points), ID: 9663920
This might not be the answer you are looking for, but have you considered using a firewall device and VPN to that rather than the Win2k box itself? Then use TS to connect to the box. It's usually better to structure it this way; the hardware firewall will be faster and more secure.

Otherwise, let me try to mirror back what you are asking for:
VPN to Win2k box and allow TS to that same box after the VPN connects. Is this right?

You could assign an additional internal, non-routable IP to the box (192.168.1.10 for example) and then allow 3389 to that IP, but block it to the public address. Then with the VPN you should be able to connect to the internal address with TS.

Again, I usually go the other way, with a hardware firewall, but I think the other way should work.
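The accepted answer's approach can be checked before it is typed into an IPSec policy: RDP is permitted only to the extra non-routable address, the public address admits only the web/FTP ports, and everything else is blocked. The following is an added model of that rule set, not code from the thread or from Windows; the toy rule engine stands in for the IPSec policy agent, the public address 203.0.113.10 and the VPN client pool 10.8.0.0/24 are constructed placeholders, and the VPN listener's own port is left out because the thread does not say which VPN protocol is in use. The VPN client's packet is modelled as it looks after the tunnel has unwrapped it, arriving at 192.168.1.10:3389. The tightened variant, which also requires the RDP packet's source to be a VPN client, goes beyond the answer and is an added hardening suggestion.

```python
"""Model of the filtering design from the accepted answer: RDP (3389) only
to the additional non-routable address, web/FTP only to the public address,
block everything else.  The rule engine here is a toy written for this
example; it is not the Win2K IPSec policy agent."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    dport: int    # destination TCP port


@dataclass(frozen=True)
class Rule:
    name: str
    dst: str                       # destination network in CIDR notation
    dports: FrozenSet[int]         # destination ports; empty set = any port
    action: str                    # "permit" or "block"
    src: Optional[str] = None      # source network in CIDR; None = any source

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        if self.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        return True


def evaluate(policy: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; with no match the packet is blocked,
    which mirrors a policy that ends in a block-all filter."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "block"


# Constructed addresses (assumptions for this example): 203.0.113.10 is a
# documentation-range stand-in for the colo public address, 192.168.1.10 is
# the internal address suggested in the answer, 10.8.0.0/24 is an assumed
# VPN client address pool.
PUBLIC_IP = "203.0.113.10/32"
INTERNAL_IP = "192.168.1.10/32"
VPN_POOL = "10.8.0.0/24"

# Policy as described in the answer: 80/443/20/21 to the public address,
# 3389 only to the internal address, everything else blocked.
POLICY_ANSWER = [
    Rule("web-ftp-public", PUBLIC_IP, frozenset({20, 21, 80, 443}), "permit"),
    Rule("rdp-internal", INTERNAL_IP, frozenset({3389}), "permit"),
    Rule("block-all", "0.0.0.0/0", frozenset(), "block"),
]

# Tightened variant (added suggestion): the RDP rule also requires the
# source address to belong to the VPN client pool, so the design no longer
# rests solely on 192.168.1.10 being unreachable from the Internet.
POLICY_TIGHT = [
    Rule("web-ftp-public", PUBLIC_IP, frozenset({20, 21, 80, 443}), "permit"),
    Rule("rdp-internal-from-vpn", INTERNAL_IP, frozenset({3389}), "permit", src=VPN_POOL),
    Rule("block-all", "0.0.0.0/0", frozenset(), "block"),
]

# Constructed sample traffic; 198.51.100.7 is a documentation-range address
# standing in for an arbitrary Internet host.
SAMPLE_PACKETS: Dict[str, Packet] = {
    "external_rdp_to_public": Packet("198.51.100.7", "203.0.113.10", 3389),
    "external_https_to_public": Packet("198.51.100.7", "203.0.113.10", 443),
    "vpn_client_rdp_to_internal": Packet("10.8.0.5", "192.168.1.10", 3389),
    "non_vpn_source_rdp_to_internal": Packet("198.51.100.7", "192.168.1.10", 3389),
}


def check_policy(policy: List[Rule]) -> Dict[str, str]:
    """Return the verdict each sample packet receives under the given policy."""
    return {name: evaluate(policy, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, policy in (("answer", POLICY_ANSWER), ("tightened", POLICY_TIGHT)):
        print(label)
        for name, verdict in check_policy(policy).items():
            print(f"  {name:32s} {verdict}")
```

Running the script shows the property the questioner asked for: RDP to the public address is blocked while HTTPS to it is permitted, and an RDP packet arriving through the VPN at the internal address is permitted. It also shows the one assumption the answer's design rests on: under POLICY_ANSWER a packet for 192.168.1.10:3389 from any source is permitted, which is harmless only as long as that address is not routable from outside, whereas POLICY_TIGHT permits it only from the VPN pool.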
