Solved

RDP Port forwarding on Win 2008 server

Posted on 2013-01-31
Last Modified: 2013-02-07
We have a Windows 2008 Standard R2 server that we use for RDP. It was originally set up by an external consultant. He did port forwarding on our firewall so that you would have to enter another port number other than 3389 when accessing the server (e.g. remote.domain.com:12345).

We are upgrading our firewalls and this firewall does not want to play nice with the port forwarding.  Is there a way for me to do the port forwarding directly on the server instead of through the hardware firewall?

Thanks!
Question by:jmerulla
4 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 38842270
No, there is not, and honestly, even port forwarding on the firewall is not a great solution.

If you are properly licensed and each connecting user has an RDS CAL, then you are already licensed to set up and use the RDGateway service. This is DESIGNED for this task. It will secure RDP sessions and proxy them via port 443, which almost every firewall in existence supports, no funky remapping required.
 
LVL 41

Expert Comment

by:Jackie Man
ID: 38842906
Does your ISP give you a range of real IP addresses?

If yes, try the following:

You can assign a real IP to the NIC of the server, so that you can access the server by:

   Real IP:443

But, it is not a good practice as it will be difficult to maintain security.

OR

You can buy a NAS with router features and assign a real IP to the NAS and put the NAS into the DMZ of your network. Then, port forward to the server 2008 R2 from the NAS.
 
LVL 2

Author Comment

by:jmerulla
ID: 38844335
The Cisco ASA firewall has NAT set up for the RDP server so when staff try to connect from outside to externalip:nonrdpport it forwards to internalip:3389. We've noticed that if we try to use that server for anything else on the ASA we get warnings about the port forwarding.

We don’t have the external IP address set up on the NIC of the server because staff sometimes have to access the RDP server internally (quick way to work if having computer issues).
 
LVL 18

Expert Comment

by:Netflo
ID: 38844675
I agree with cgaliher, RDG is the best and secure way to go. You can configure it on the current RDS and need a single name certificate. You only need to map 443 TCP to the internal server. All other RDC icons will need to be updated to be aware of the gateway settings and away you go.
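
The RDC shortcut update mentioned in the comment above, as an added example that is not part of the thread: a PowerShell function that rewrites saved .rdp files to go through an RD Gateway while bypassing it for local addresses, which keeps the internal access the asker mentions. `Set-RdpGateway`, the host names and the folder path are hypothetical placeholders; the property names are standard .rdp file settings.

```powershell
# Added example. Set-RdpGateway is a hypothetical helper; host names and the
# folder path in the usage comment are placeholders.
function Set-RdpGateway {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$GatewayHost,
        [string]$TargetHost   # optional: new "full address", e.g. the internal server name
    )

    $lines = @(Get-Content -LiteralPath $Path)

    # A signed .rdp file is invalidated by any edit; leave it for re-signing.
    if ($lines | Where-Object { $_ -like 'signature:s:*' }) {
        Write-Warning "Skipping signed file: $Path"
        return $false
    }

    $settings = @(
        "gatewayhostname:s:$GatewayHost",
        'gatewayusagemethod:i:2',        # use the gateway, bypass it for local addresses
        'gatewayprofileusagemethod:i:1', # use the settings in this file, not the defaults
        'promptcredentialonce:i:1'       # same credentials for gateway and server
    )
    # Replacing "full address" also drops the old host:custom-port target.
    if ($TargetHost) { $settings += "full address:s:$TargetHost" }

    # Property names being set, e.g. "gatewayhostname"
    $names = $settings | ForEach-Object { ($_ -split ':', 2)[0] }

    # Keep every existing line that does not set one of those properties
    $kept = @($lines | Where-Object {
        $_.Trim() -ne '' -and $names -notcontains ($_ -split ':', 2)[0].Trim().ToLower()
    })

    # Keep a backup, then write UTF-16 as mstsc itself does
    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force
    Set-Content -LiteralPath $Path -Value ($kept + $settings) -Encoding Unicode
    return $true
}

# Usage (placeholder names):
# Get-ChildItem 'C:\RdpShortcuts' -Filter *.rdp | ForEach-Object {
#     Set-RdpGateway -Path $_.FullName -GatewayHost 'remote.example.com' `
#         -TargetHost 'rds01.corp.example.local'
# }
```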