Terminal Server Gateway Serving Multiple VLANs

Is it possible to set up a Server 2008 tsgateway to serve multiple VLANs? So the configuration would be, from the firewall:

FW--->TSGateway--->Router--->VLAN1
                         |--->VLAN2
                         |--->VLAN3

Therefore using one gateway to direct to multiple terminals on different VLANs?
Fortrak Asked:
tigermatt Commented:

That is most definitely possible. The TS Gateway does not know about nor care about your underlying VLAN configuration.

Provided you have good DNS resolution at the TSG server, to enable it to resolve the IPs of internal workstations/servers, and port 3389 is accessible between TSG and the back-end stations which will be accessed remotely.

-Matt
0
Fortrak (Author) Commented:
If each VLAN is configured with its own domain, is it possible to configure the tsgateway to service connections to each domain? We are setting up the VLANs as separate networks with their own DCs, etc. Would like one gateway to authenticate users to RDP sessions.
0
tigermatt Commented:
You can certainly do that. You need to simply ensure that the TS Gateway server is able to resolve the DNS names of each server in each separate domain, as that is how users will connect via the TS Gateway. If not, users would have to use the internal IP address of each server they wished to connect to.

You will also need to consider how users will authenticate to the TS Gateway itself. You can either maintain a separate database of usernames and passwords specifically for logging into the TS Gateway, or use a trust relationship between its domain and the other domains, to enable users to use their domain credentials to authenticate with the TSG. The benefit with using trusts is the connection via the TSG can use passed-through credentials, whereby the credentials used to access the TSG are also used to access the remote server.

-Matt
0
Fortrak (Author) Commented:
OK, the gateway is now functional in a workgroup and is serving sessions to terminal servers on the other domains. As a test I created the same user logon locally on the TSGateway as is on the domain terminal. When logging in through the web interface of the TS Gateway, the user is prompted twice for logon: once when you log on to the gateway and once again when logging on to the domain terminal server. Yet using the Remote Desktop Connection and giving the domain credentials logs the user right through with no prompting a second time. In the Remote Desktop Connection settings for the TS Gateway the box is checked for "Use my TS Gateway credentials for the remote computer." Is there a similar setting that can be made for the TS Gateway web access so that there is no prompting for logon a second time?
0
tigermatt Commented:

I would expect it to work when using the RDP client because the authentication will be passed-through from the TSG to the remote box.

The web interface is different and requires authentication to the TSG then re-authentication to the remote Terminal Server. Because the authentication method it uses is slightly different, no pass-through will be performed and two logons will be required.

-Matt
0
Fortrak (Author) Commented:
Thanks for your help with this.
0