Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

IPSec Win2K server with VPN Terminal services

Posted on 2003-11-01
1
Medium Priority
?
609 Views
Last Modified: 2011-09-20
I am preparing a server for co-location. It is a Win2k server with SQL 2000. All service packs are installed.

What I would like to do is use TS (Admin Mode) through a VPN  connection ONLY and block it to the outside world. VPN & RDP are working now, but the port is open. I have tried to block the port, but even with a VPN connection it will not allow a RDP connection if the port is "blocked"

I have taken a lot of security steps ( MS Baseline Security & SQL C2) to try to enhance security. This is a stand alone server.

There is one network card installed and I have an IPSEC policy to allow 80,443,20/21 in and out. I have blocked all other traffic.
I have tried applying a Permit action to "remote" connections

The answer should contain steps to allow a Terminal Services RDP connection via VPN while blocking port 3389 to external traffic.

Thank you.
0
Comment
Question by:lrr81765
1 Comment
 
LVL 4

Accepted Solution

by:
Kokoglen earned 2000 total points
ID: 9663920
This might not be the answer you are looking for, but have you considered using a firewall device and VPN to that rather than the win2k box itself?  Then use TS to connect to the box.  Its usually better to structure it this way, the hardware forewall will be faster and more secure.

Otherwise, let me try to mirror back what you are asking for:
VPN to Win2k box and allow TS to that same box after the vpn connects.  Is this right?

You could assign an additional internal, non-routable IP to the box. (192.168.1.10 for example) and then allow 3389 to that IP, but block it to the public address.  Then with the VPN you should be able to connect to the internal address with TS.

Again, I usually go the other way, with a hardware firewall, but I think the other way should work.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question