phermi
asked on
Restrict Terminal Services to particular IPs in SBS 2003
Hi all,
Yes, I know ... we do this through the Firewall ... but my firewall is not running because another program is running that might be using the NAT component (Ipnat.sys).
I read a bit, and tis happens if ISA is used, not our case, or if RAS is used. We use remove connections to allow VPN Users into the server using a range of IPs.
Is there a way to have it all, RAS and Windows firewall running so that I can limit TS to few IPs?
Thanks in advanced.
Yes, I know ... we do this through the Firewall ... but my firewall is not running because another program is running that might be using the NAT component (Ipnat.sys).
I read a bit, and tis happens if ISA is used, not our case, or if RAS is used. We use remove connections to allow VPN Users into the server using a range of IPs.
Is there a way to have it all, RAS and Windows firewall running so that I can limit TS to few IPs?
Thanks in advanced.
ASKER
The_Dark1: Thanks, but not really.
What we have here is brutal-force attacks from folks in Europe trying o guess the Administrator password while programmatically attempting to connect using RDC.
The system is slowed down to the point of crawling and the logs are full of account locking issues.
All I wanted was to be able to set rules in the firewall so only certain IPs will be accepted for RDC connection.
Plan B will be to change the RDP listening port
What we have here is brutal-force attacks from folks in Europe trying o guess the Administrator password while programmatically attempting to connect using RDC.
The system is slowed down to the point of crawling and the logs are full of account locking issues.
All I wanted was to be able to set rules in the firewall so only certain IPs will be accepted for RDC connection.
Plan B will be to change the RDP listening port
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The_Dark1: this is hosted server and ys there is a firewall (Cisco PIX 515R ) in front of it, but it is not VPN capable.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I apologize for the huge delay ....
I do not have access to change anyhting in the PIX and honestly, I was hopping for an easy way to say "do not accept TS request excpt from XX.yy.zz.ww.
I appreciate your efforts and I will assign points to both of you, not because I can fix my problem based on your suggestions, but for the fact that you did care about it,
I do not have access to change anyhting in the PIX and honestly, I was hopping for an easy way to say "do not accept TS request excpt from XX.yy.zz.ww.
I appreciate your efforts and I will assign points to both of you, not because I can fix my problem based on your suggestions, but for the fact that you did care about it,
https://www.experts-exchange.com/questions/23151407/Restrict-login-to-terminal-services-by-user-by-IP-address-range.html