Solved

Restricting RDP with Windows Firewall....but it doesn't work?!

Posted on 2010-11-15
6
924 Views
Last Modified: 2012-05-10
peeps,

I'm trying to restrict RDP access so that only people on the WAN and LAN can access the terminal services box, along with the possibility of a few external IP addresses. We're on Windows 2008. In Windows Firewall, I've gone into 'Inbound Rule' and chosen RDP->Properties->Scope.

Within the scope, I've added the internal range which is 10.0.0.1-10.0.0.254.

Then I've added the external IP. Apply, OK.

If I try to log onto remote desktop using the local IP 10.0.0.15 (that's the IP), it won't connect me. If I enter the external IP, then it does.

Does anybody know why this happens? And how this can be fixed?

Thanks a lot
0
Comment
Question by:Yashy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 7

Expert Comment

by:tstritof
ID: 34137740
Hi,

what error are you getting? Can you ping 10.0.0.15?

Regards,
Tomislav
0
 
LVL 1

Author Comment

by:Yashy
ID: 34137816
No errors, it just won't connect and then times out with the error message. But I know that it's the firewall.

Yes, I can definitely ping the server.

As soon as I remove the IP address from the  'Remote IP' section within the Scope, I can log on locally.
0
 
LVL 7

Accepted Solution

by:
tstritof earned 500 total points
ID: 34138241
Oh I know what it is.

In Remote addresses you must specify all addresses from which clients will be connecting inluding your LAN scope. The Local IP address is the address TS listens on (IP address of TS NIC).
 Firewall scopes.
Hope this helps.

Regards,
Tomislav
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 
LVL 1

Author Comment

by:Yashy
ID: 34138480
You Tom, deserve a fat medal. Thank you.
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34138493
:) Glad to help.

Regards
0
 

Expert Comment

by:Widescope
ID: 34537755
Thanks very much, this helped me too.  It's been driving me up the wall for a couple of days now.

Cheers
Steve
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question