pramod1

terminal server

I have Terminal Server 2003, where remote users connect from outside the office.

They want to access their workstations in our office. Right now they access the terminal server and then do RDC again to the workstation name.

Is it possible for them to directly access their workstations through RDC from their home PCs?

We are not using VPN.
CompProbSolv

This should be possible.
You would have to set up port forwarding in your router to redirect incoming Remote Desktop requests to the appropriate local computer.  To distinguish different computers you would set up different ports for each one.

For example, the default port for RD is 3389.  You probably have port forwarding set up in your router to send it to the IP address of the TS.  You would change the RD port setting on the workstation to another number, say 3390, set up port forwarding in your router to send port 3390 to that workstation's IP address (should be a static or reserved IP), then set up the port on the remote client to 3390.

If your router allows you to translate port numbers with port forwarding you could leave the port on the workstation as 3389 and have the router translate it.  You would still have to change it on the remote client, though.

If you need assistance on changing the ports on the workstation or client, let us know what OS they are using.
pramod1

ASKER

They are using Windows XP.

I have NAT INTERFACE on my firewall PUBLIC IP-TERMINAL SERVER IP on port 3389.

How do I do port forwarding?
ASKER CERTIFIED SOLUTION
CompProbSolv

pramod1

ASKER

I am using a WatchGuard firewall X550e. Should I set it up on my firewall or the workstation?

Should I set it up like below? Please be a little clearer.

1.  Right-click and select Add Policy.
2.  In the Add Policy window, click New.  
3.  Name your template and then click Add.  
4.  Select Port Range and TCP.  Then enter ?? for the start server port and ?? for the end server port.
5.  Click OK until you get back to the Add Policy window.  
6.  In the Add Policy window, select your new custom filter and then down at the bottom of the window click Add.
7.  For the policy definition, you want to remove Any Trusted and allow traffic From Any External (or use a specific external host if you can get it from the phone company).
8.  For the To box, remove Any External and click Add.  Then select Add NAT and enter the external IP address (should be defaulted) and use 192.168.1.180 for the internal IP address.
9. Click OK until you get back to the Policy Manager.
10.  DON'T FORGET to save the new configuration to the Firebox and also save a copy of the configuration to your hard drive.
Start server port = 3390
End server port = 3390

If 192.168.1.180 is the IP address of the workstation, then #8 is correct.

Keep in mind that you will need to change the port on the workstation.  If you'll tell me what OS it runs I can give you a better clue there.

The Policy that you add should look just like the previous one except for port 3390 instead of 3389 and the destination of the workstation instead of TERMINAL SERVER IP.
pramod1

ASKER

Sir,

Please tell me how to change the port on the workstation.

OS of the workstation: Windows XP (SP2)
When you try to connect to the workstation, just add a colon and the port number at the end.

For example, if the TS is at 192.168.1.180 and uses port 3390, you would specify the server address (when on the LAN) as 192.168.1.180:3390.  If you are remote, use the external IP address followed by :3390.

I would test it locally first to isolate problems with the port change from problems with the port forwarding in the router.  That is, first try to connect to the workstation with another workstation using the 192.168.1.180:3390 address.  Once you are successful with that, try the remote connection from a computer not on the LAN.
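
The test order from the last reply (LAN first, then from outside), as an added example that is not part of the original thread: it checks that the new port is open and that the listener actually answers as RDP. The names `probe_rdp` and `diagnose` are illustrative, and the reply check assumes the workstation answers an X.224 connection request with a connection confirm.

```python
# Added example; probe_rdp and diagnose are illustrative names, not from the thread.
import socket
import sys

# X.224 Connection Request inside a TPKT header, carrying an RDP negotiation
# request for standard RDP security (19 bytes in total).
X224_CR = bytes.fromhex("03000013" "0ee00000000000" "0100080000000000")


def probe_rdp(host, port, timeout=3.0):
    """Return 'closed', 'open-not-rdp' or 'rdp' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"          # refused, filtered or unreachable
    with sock:
        try:
            sock.sendall(X224_CR)
            reply = sock.recv(64)
        except OSError:
            reply = b""
    # An RDP listener answers with TPKT version 3 and X.224 Connection Confirm (0xD0).
    if len(reply) >= 6 and reply[0] == 0x03 and reply[5] == 0xD0:
        return "rdp"
    return "open-not-rdp"


def diagnose(lan, wan):
    """Apply the thread's test order: the LAN result is judged before the remote one."""
    if lan != "rdp":
        return "workstation: RDP is not answering on the new port, fix the port change first"
    if wan != "rdp":
        return "firewall: the workstation is fine, check the port forwarding policy"
    return "ok: port change and port forwarding both work"


if __name__ == "__main__":
    # Run once from a LAN machine against the workstation address, once from
    # outside against the external address, and pass both results to diagnose().
    # Usage: python rdp_check.py <address> [port]   (3390 is the thread's port)
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3390
    print(host, port, probe_rdp(host, port))
```

An `open-not-rdp` result from outside means the forwarded port reaches some other service, so the destination address in the firewall policy is the first thing to recheck.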