
Networking: RDP and Port # 3389

Posted on 2013-01-14
Last Modified: 2013-01-15
Hi,

This is related to remote desktop between Main Office and Branch Office. To do it, we can use the following software:
- LogMeIn.com
- TeamViewer.com
- GotoAssist
- Cisco WebEX
- VNC
- Remote Assistance (Microsoft)

There are firewalls, both at Main Office and Branch Office.

My question: What should the Network Administrator do related to Port # 3389? Would you explain a little bit of it, please?

Thank you

tjie
Question by:tjie
5 Comments
 
LVL 98

Accepted Solution

by:
John Hurst earned 800 total points
ID: 38775771
Port 3389 is for direct access in. I don't think you need to enable it for Logmein, WebEx, Remote Assistance. These tools use authentication at both ends and so should not need that port open. I think you should just leave it closed. I do not use the other ones.

... Thinkpads_User
0
 
LVL 8

Assisted Solution

by:d0ughb0y
d0ughb0y earned 800 total points
ID: 38775870
LogMeIn, WebEx, GoToMyPC, etc. all use outbound connections, not inbound, so the network administrator only needs to make sure not to block outbound traffic from the machine in question.

For Remote Desktop (and Remote Assistance, for that matter) the Network Admin will have to allow port 3389 into the machine from outside. He/she will need to set up a firewall rule to allow the traffic through (i.e. open the port), as well as (likely) a static NAT pointing the 3389 traffic to the internal IP address of that machine.
0
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 400 total points
ID: 38775874
Thinkpads is right.

For 3389, you would likely need to set up a firewall and NAT rule for each PC that needs direct access. This can chew up a lot of IPs and admin time. Most customers that require this end up building a terminal server so that outside users connect to one server, and RDP from there to any other inside devices.

I can't say for sure on remote assistance as I've never actually used that, but for applications like LogMeIn, WebEx, Team Viewer, Join.Me, etc., they all make connections to the outside world to register. This registration creates an active session on the firewall since it started from inside the network. Assuming the firewall wasn't configured to specifically block this connection, you will be able to connect in to that device using the active session. The application servers in the outside world act as a proxy to allow the use of an existing session so you don't need to worry about a giant security hole with these apps.
0
 

Author Comment

by:tjie
ID: 38776539
Hi all,

Per the above explanation ...

I agree with thinkpads that the network administrator should NOT do anything related to the port # 3389 (whether it is open or closed) to use LogMeIn, VNC, etc.

Please post it back if you do not agree

Thank you

tjie
0
 
LVL 8

Assisted Solution

by:d0ughb0y
d0ughb0y earned 800 total points
ID: 38776791
That's correct, regarding port 3389. None of those have to do with 3389 - which is only RDP, and which would require the inbound connection, per above. However, you mention VNC. VNC is not in the same category as LogMeIn, Citrix, etc. VNC is an inbound service. It doesn't start a connection with an external site, like those others. So it would require inbound NAT and firewall rules, to make it available from the outside. I believe the standard port for VNC is 5900, not 3389.
0
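
The behaviour described in the answers above, as an added example that is not part of the original thread: a toy stateful firewall in Python showing why relay-based tools work with no inbound rule while RDP (3389) and VNC (5900) each need their own static NAT and allow rule. All addresses are constructed, and the relay port 443 and port-preserving NAT are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed addresses (RFC 1918 inside, RFC 5737 documentation ranges outside).
PC = "192.168.10.25"         # branch-office PC behind the firewall
BROKER = "198.51.100.7"      # stands in for a LogMeIn/WebEx-style relay
REMOTE_USER = "203.0.113.50" # someone connecting in from the main office

@dataclass
class Firewall:
    # Static NAT / allow rules: public port -> (inside ip, inside port)
    port_forwards: dict = field(default_factory=dict)
    # State table of connections that were started from inside
    sessions: set = field(default_factory=set)
    block_outbound: bool = False

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host dials out; the firewall records the session."""
        if self.block_outbound:
            return False
        self.sessions.add((src_ip, src_port, dst_ip, dst_port))
        return True

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) a packet reaches, or None if dropped."""
        # Reply traffic on a session an inside host opened is let back in.
        for in_ip, in_port, out_ip, out_port in self.sessions:
            if (out_ip, out_port, in_port) == (src_ip, src_port, dst_port):
                return (in_ip, in_port)
        # Anything else is a new inbound connection and needs an explicit rule.
        return self.port_forwards.get(dst_port)

def demo():
    fw, r = Firewall(), {}
    # Relay-based tool: the PC connects out (443 assumed), replies ride that session.
    fw.outbound(PC, 50000, BROKER, 443)
    r["broker_reply"] = fw.inbound(BROKER, 443, 50000)
    # Direct RDP (3389) and VNC (5900) with no rule configured: dropped.
    r["rdp_no_rule"] = fw.inbound(REMOTE_USER, 51000, 3389)
    r["vnc_no_rule"] = fw.inbound(REMOTE_USER, 51001, 5900)
    # Admin adds the static NAT + allow rule for 3389 only.
    fw.port_forwards[3389] = (PC, 3389)
    r["rdp_with_rule"] = fw.inbound(REMOTE_USER, 51000, 3389)
    r["vnc_after_rdp_rule"] = fw.inbound(REMOTE_USER, 51001, 5900)
    return r

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} -> {result}")
```

Every key in `port_forwards` is a listener reachable from outside, which is the per-PC rule sprawl the terminal-server suggestion in the thread is meant to avoid.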
