Solved

IPSec Win2K server with VPN Terminal services

Posted on 2003-11-01
1
603 Views
Last Modified: 2011-09-20
I am preparing a server for co-location. It is a Win2k server with SQL 2000. All service packs are installed.

What I would like to do is use TS (Admin Mode) through a VPN  connection ONLY and block it to the outside world. VPN & RDP are working now, but the port is open. I have tried to block the port, but even with a VPN connection it will not allow a RDP connection if the port is "blocked"

I have taken a lot of security steps ( MS Baseline Security & SQL C2) to try to enhance security. This is a stand alone server.

There is one network card installed and I have an IPSEC policy to allow 80,443,20/21 in and out. I have blocked all other traffic.
I have tried applying a Permit action to "remote" connections

The answer should contain steps to allow a Terminal Services RDP connection via VPN while blocking port 3389 to external traffic.

Thank you.
0
Comment
Question by:lrr81765
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
Kokoglen earned 500 total points
ID: 9663920
This might not be the answer you are looking for, but have you considered using a firewall device and VPN to that rather than the win2k box itself?  Then use TS to connect to the box.  Its usually better to structure it this way, the hardware forewall will be faster and more secure.

Otherwise, let me try to mirror back what you are asking for:
VPN to Win2k box and allow TS to that same box after the vpn connects.  Is this right?

You could assign an additional internal, non-routable IP to the box. (192.168.1.10 for example) and then allow 3389 to that IP, but block it to the public address.  Then with the VPN you should be able to connect to the internal address with TS.

Again, I usually go the other way, with a hardware firewall, but I think the other way should work.
0

Featured Post

Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
pfsense upgrade from 2.2.6 to 2.3.3 28 86
Connecting via HTTP / HTTPS 10 77
DHCP for a new, 2nd subnet 12 60
Capturing LPT1 output XP 6 33
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question