Clear test to see if VPN / RDP working

The boss travels a lot. USA, Europe, etc. Often he cannot connect to our Windows server and his Windows XP box via VPN/RDP from his Windows XP laptop.

I'm looking for tools or techniques that make it unabiquously clear that VPN or whatever is blocked from the hotel, coffee shop, airport or other location he's trying to login from.

What simple thing (or tool) could I have him try to make things clear?
Who is Participating?
SarcastConnect With a Mentor Commented:
To succesfully RDP, you just need port 3389 if you connect on IP basis.
With a hostname, you need port 53 for DNS.

If port 1723 does not work, vpn isn't available for sure. However, if it does work, it's still no guarantee that the VPN tunnel can be built.
PlanktonSPGAuthor Commented:
One location told him "We block all ports below 500". Is there a workaround for such cases? Something I can configure on our servers so he could still get in?
If so, please give specifics for a windows server setup. Thanks!
Easiest way is to telnet your way to the port. If it doesnt open or responds, it's blocked.

Nmap for windows has a nice gui that does the same, but easier to work with:
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Use a router or firewall on your side that rerouts certain higher ports (usually above 1024) to for example port 500 or 3389.

Rerouting VPN tunnels can be tricky though, since VPN gets jumpy when network packages get altered.
PlanktonSPGAuthor Commented:
telnet is not always available and is not active currently on our server. Nmap looks interesting. Would he want to see ports 47, 1723 and 3389 for NameServer, VPN and RDP access?  If port 47 is blocked does that block access or Ping?  I'd like to avoid rerouting things. If the connection doesn't work we can live with it. Just want clear evidence of blocked accesss instead of iffy failure messages.
I did not explain properly.

Telnet is one of the most simple client utltilies out there which was always available on most Windows PC's (with exception of server 2008 iirc).
You can use telnet to open a connection to a port.

For example c:\> telnet 80
if the port opens.. and the telnet session connects, then the connection works.
If it hangs, it's closed at his location.

Telnet does nothing more, just open the port. Nmap does the same, but has extra options and a nice gui if you use the windows version.

Also DNS runs on port 53. You might be confused with the GRE IP protocol 47 (not a port).
PlanktonSPGAuthor Commented:
Thanks.  So then he needs 53, 1723 and 3389 access to successfully RDP?

i.e., nmap -p53,1723,3389  <machinename>
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.