Solved

IPSec Win2K server with VPN Terminal services

Posted on 2003-11-01
1
604 Views
Last Modified: 2011-09-20
I am preparing a server for co-location. It is a Win2k server with SQL 2000. All service packs are installed.

What I would like to do is use TS (Admin Mode) through a VPN  connection ONLY and block it to the outside world. VPN & RDP are working now, but the port is open. I have tried to block the port, but even with a VPN connection it will not allow a RDP connection if the port is "blocked"

I have taken a lot of security steps ( MS Baseline Security & SQL C2) to try to enhance security. This is a stand alone server.

There is one network card installed and I have an IPSEC policy to allow 80,443,20/21 in and out. I have blocked all other traffic.
I have tried applying a Permit action to "remote" connections

The answer should contain steps to allow a Terminal Services RDP connection via VPN while blocking port 3389 to external traffic.

Thank you.
0
Comment
Question by:lrr81765
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
Kokoglen earned 500 total points
ID: 9663920
This might not be the answer you are looking for, but have you considered using a firewall device and VPN to that rather than the win2k box itself?  Then use TS to connect to the box.  Its usually better to structure it this way, the hardware forewall will be faster and more secure.

Otherwise, let me try to mirror back what you are asking for:
VPN to Win2k box and allow TS to that same box after the vpn connects.  Is this right?

You could assign an additional internal, non-routable IP to the box. (192.168.1.10 for example) and then allow 3389 to that IP, but block it to the public address.  Then with the VPN you should be able to connect to the internal address with TS.

Again, I usually go the other way, with a hardware firewall, but I think the other way should work.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question