Solved

Remote Desktop from outside of SBS to a machine inside of SBS - without VPN

Posted on 2006-11-13
Last Modified: 2010-04-19
We have a machine that we would like to allow Remote Desktop access for.  The machine is in our SBS 2003 network.

Right now we can Remote Desktop directly to the machine as long as we are on another machine that is on our network (if we're on the network via VPN or via a direct connection, Remote Desktop works).

However, we would like to be able to give a client remote access to this machine - without them having to log onto our network or use VPN.

We've already set up the machine to listen for Remote Desktop connections via port 3390.

However, because our SBS machine uses 2 NICs, we cannot forward port 3390 directly to the machine from the router.  We can forward it to the SBS machine - and I assume there are some fairly simple settings to have SBS, in turn, forward it to the appropriate specific machine.

Can anyone help us provide the appropriate forwarding so that we can give Remote Desktop access to this machine from anywhere on the Internet?

Thanks.
Question by:crm_info
6 Comments
 
LVL 9

Expert Comment

by:JamesTX10
ID: 17930534
Hi crm_info,
Another option besides remote desktop is www.logmein.com. It handles all the connection issues for you.

JamesTX10
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 60 total points
ID: 17931920
My question is, WHY do you want to put a security hole like this into the network?  Give the client VPN access and direct them to use that.

Set the port back to 3389.  You didn't have to change it - and it's better to keep things consistent.

Now, if you insist on doing the unwise, go to the Routing and Remote Access Administrative Tool, expand ServerName, IP Routing, NAT/Basic Firewall, and then right click on the network adapter in the right column that is used for the internet connection (not the local connection).  On the window that appears, click "Services and Ports" tab, then click the Add button.  In that window, type in a description of the service, leave TCP as the protocol selected, and for the incoming port, select 3390, for the private IP, enter the IP of the workstation you want them to have access to, then enter port 3389 as the outgoing port (This is why you didn't have to change the port earlier - this translates it for you).  Click OK, make sure the service is selected with a check mark, and OK out.  That should do it.
0
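One way to confirm, from a connection outside the office, what the port mapping described above actually exposes (an added example, not part of the original thread): it checks that the forwarded port 3390 answers the RDP handshake and that 3389 is not reachable as well. The host address is a documentation placeholder and the function names are illustrative assumptions.

```python
import socket

# First packet an RDP client sends: TPKT header plus a bare X.224 Connection
# Request (no cookie, no negotiation data), 11 bytes in total.
X224_CONNECTION_REQUEST = bytes.fromhex("0300000b06e00000000000")


def is_x224_confirm(data: bytes) -> bool:
    """True if data begins like an RDP server's X.224 Connection Confirm."""
    return len(data) >= 6 and data[0] == 0x03 and (data[5] & 0xF0) == 0xD0


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'closed', 'open' (TCP connects) or 'rdp' (answers the handshake)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or timed out
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            data = sock.recv(64)
        except OSError:
            return "open"  # connected, but no usable reply
    return "rdp" if is_x224_confirm(data) else "open"


def check_exposure(host, intended, ports, timeout=3.0):
    """Return (port, state) pairs that contradict the intended setup:
    an intended port that does not answer as RDP, or any other reachable port."""
    findings = []
    for port in ports:
        state = probe(host, port, timeout)
        expected = "rdp" if port in intended else "closed"
        if state != expected:
            findings.append((port, state))
    return findings


if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder (assumption): substitute your
    # own public address and run this from outside the office network.
    problems = check_exposure("203.0.113.10", intended={3390}, ports=[3389, 3390])
    for port, state in problems:
        print(f"port {port}: {state}")
    print("as intended" if not problems else "review the mapping")
```

A service that accepts the TCP connection but does not reply with a Connection Confirm is reported as `open` rather than `rdp`.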
 
LVL 10

Author Comment

by:crm_info
ID: 17932336
leew ... THANKS.

Can you tell me how to set up an outside client with a VPN connection to our network?  I'll need help on setting up the user login, and allowing the user to download the VPN client, etc.

I would like to do this without using up another license on our SBS machine.

I would also like to do this in such a way that they cannot access any machine except for the specific machine that I've given them permission for.

The only reasons why I might prefer to poke a security hole:
(1) Don't want to ask our clients to install software on their desktop
(2) Some of our clients have very secure systems that won't allow them to install other software and, even if it can be installed, they may not be able to run a VPN client on their machine
(3) I don't want to create additional users on our network (thus requiring additional licenses on our SBS machine ... unless I'm missing a way to create a login without using a license).

Thanks again for your help.  I'm optimistic that we'll be able to make the VPN work and would certainly prefer to have a more secure setup.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 60 total points
ID: 17932725
crm_info...

If you are providing a user access to a machine on your network, you are required to have a CAL for that user, or you can use DEVICE CALs and then you can have as many users as you like accessing various machines.  Either way, though, you cannot avoid the licensing issue.

Your clients don't have to install anything other than a small ActiveX script to allow remote desktops through Remote Web Workplace (http://sbsurl.com/rww).

RWW does not require the use of a VPN.  It only requires the ability to access a web page.

Allowing users to access your network without having the proper licenses is a violation of your licensing agreement.

Jeff
TechSoEasy
0
 
LVL 6

Assisted Solution

by:manicsquirrel
manicsquirrel earned 30 total points
ID: 17934710
CRM_Info:

Follow Jeff's advice above; however, you must also port forward TCP 4125 from your router to the SBS's external NIC for Remote Web Workplace to work.
0
 
LVL 10

Author Comment

by:crm_info
ID: 17937811
leew & TechSoEasy - thanks for the tips.  We'll either buy the extra licenses and use the recommended approach ... or we'll just take this particular machine off of the SBS network and put it on our "dev" network so we can provide access without requiring the additional SBS license.  I'll split the points between the two of you.

manicsquirrel - thanks for fine tuning of the feedback.  I'll also put a small portion of points towards your answer.
0

Question has a verified solution.