Solved

IPSec Win2K server with VPN Terminal services

Posted on 2003-11-01
Last Modified: 2011-09-20
I am preparing a server for co-location. It is a Win2k server with SQL 2000. All service packs are installed.

What I would like to do is use TS (Admin Mode) through a VPN connection ONLY and block it to the outside world. VPN & RDP are working now, but the port is open. I have tried to block the port, but even with a VPN connection it will not allow an RDP connection if the port is "blocked".

I have taken a lot of security steps ( MS Baseline Security & SQL C2) to try to enhance security. This is a stand alone server.

There is one network card installed and I have an IPSEC policy to allow 80,443,20/21 in and out. I have blocked all other traffic.
I have tried applying a Permit action to "remote" connections

The answer should contain steps to allow a Terminal Services RDP connection via VPN while blocking port 3389 to external traffic.

Thank you.
Question by:lrr81765
1 Comment
 
LVL 4

Accepted Solution

by:
Kokoglen earned 500 total points
ID: 9663920
This might not be the answer you are looking for, but have you considered using a firewall device and VPN to that rather than the win2k box itself? Then use TS to connect to the box. It's usually better to structure it this way; the hardware firewall will be faster and more secure.

Otherwise, let me try to mirror back what you are asking for:
VPN to Win2k box and allow TS to that same box after the vpn connects.  Is this right?

You could assign an additional internal, non-routable IP to the box. (192.168.1.10 for example) and then allow 3389 to that IP, but block it to the public address.  Then with the VPN you should be able to connect to the internal address with TS.

Again, I usually go the other way, with a hardware firewall, but I think the other way should work.
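The accepted answer relies on a property of the Windows IPSec filter driver: when several filters match a packet, the most specific one wins, regardless of the order in which they were created. The script below is an added illustration of that behaviour, written for this page and not taken from the thread or from any Microsoft tool. It models the poster's original filter set (80/443/20/21 permitted, 3389 blocked for every destination) beside the layout the answer proposes (3389 blocked on the public address, permitted only on the extra non-routable address), and checks which RDP packets get through. The public address 203.0.113.10 is a constructed placeholder; 192.168.1.10 is the address from the answer. The model treats a VPN client's RDP packet, once RRAS has decapsulated it, as an ordinary packet arriving at the host, which is exactly the behaviour the poster reports when a blanket block on 3389 also broke RDP over the VPN.

```python
"""Model of Windows 2000 IPSec filter evaluation for the RDP-over-VPN question.

Added example, not code from the thread. It simulates the "most specific
matching filter wins" rule and compares the poster's policy with the
answer's two-address layout. Addresses are constructed sample values
except 192.168.1.10, which the answer itself uses.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

PUBLIC_IP = "203.0.113.10"     # hypothetical public address of the co-located server
INTERNAL_IP = "192.168.1.10"   # the extra non-routable address the answer suggests


@dataclass(frozen=True)
class Filter:
    """One IPSec filter: destination scope, destination port, and the rule's action."""
    name: str
    dst: str              # "any", a host address, or a network in CIDR form
    port: Optional[int]   # None means any port
    action: str           # "PERMIT" or "BLOCK"

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        if self.port is not None and self.port != dst_port:
            return False
        if self.dst == "any":
            return True
        return ip_address(dst_ip) in ip_network(self.dst, strict=False)

    def specificity(self) -> tuple:
        # Windows IPSec ranks filters host > subnet > any, then specific port > any port.
        if self.dst == "any":
            addr_rank = 0
        elif ip_network(self.dst, strict=False).num_addresses == 1:
            addr_rank = 2
        else:
            addr_rank = 1
        return (addr_rank, 1 if self.port is not None else 0)


def evaluate(policy: List[Filter], dst_ip: str, dst_port: int) -> str:
    """Verdict for a TCP packet to dst_ip:dst_port: most specific matching filter wins."""
    matching = [f for f in policy if f.matches(dst_ip, dst_port)]
    if not matching:
        return "BLOCK"    # the poster blocks everything not explicitly permitted
    return max(matching, key=Filter.specificity).action


# The poster's policy: 80/443/20/21 permitted anywhere, 3389 blocked everywhere.
ORIGINAL_POLICY = [Filter("web-and-ftp", "any", p, "PERMIT") for p in (80, 443, 20, 21)]
ORIGINAL_POLICY.append(Filter("block-rdp", "any", 3389, "BLOCK"))

# The answer's layout: the "any" block on 3389 stays, and a host-specific PERMIT
# for the internal address outranks it. Both filters can coexist because the
# host filter is more specific than the "any" filter.
ANSWER_POLICY = ORIGINAL_POLICY + [Filter("rdp-internal-only", INTERNAL_IP, 3389, "PERMIT")]


def rdp_over_vpn_works(policy: List[Filter], server_ip: str) -> bool:
    """A VPN client's RDP packet, once decapsulated, is filtered like any other packet
    reaching the host (the poster observed exactly this), so it must hit a PERMIT."""
    return evaluate(policy, server_ip, 3389) == "PERMIT"


def rdp_exposed_to_internet(policy: List[Filter], server_ip: str) -> bool:
    """An outside host can only reach routable addresses; packets to a private
    address never arrive, so the filter verdict for it does not matter."""
    if ip_address(server_ip).is_private:
        return False
    return evaluate(policy, server_ip, 3389) == "PERMIT"


if __name__ == "__main__":
    # Original policy: the VPN client can only target the public address, and 3389 is blocked there.
    print("original, VPN client -> public:3389 permitted:", rdp_over_vpn_works(ORIGINAL_POLICY, PUBLIC_IP))   # False
    # Answer's layout: the VPN client targets 192.168.1.10 instead, where the host filter permits 3389.
    print("answer, VPN client -> internal:3389 permitted:", rdp_over_vpn_works(ANSWER_POLICY, INTERNAL_IP))  # True
    print("answer, Internet -> public:3389 exposed:", rdp_exposed_to_internet(ANSWER_POLICY, PUBLIC_IP))     # False
    print("answer, HTTP to public address:", evaluate(ANSWER_POLICY, PUBLIC_IP, 80))                         # PERMIT
```

One point the model makes visible: the permit on 192.168.1.10 is safe only because that address is not routed from the Internet. If the co-location provider ever routes the private range toward the server, the filter alone would let 3389 through, so scoping the permit by source address (the VPN client pool) in addition to destination is the tighter way to build the rule.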
