Solved

RDP Port forwarding on Win 2008 server

Posted on 2013-01-31
Last Modified: 2013-02-07
We have a Windows 2008 Standard R2 server that we use for RDP. It was originally set up by an external consultant. He did port forwarding on our firewall so that you would have to enter another port number other than 3389 when accessing the server (e.g. remote.domain.com:12345).

We are upgrading our firewalls and this firewall does not want to play nice with the port forwarding.  Is there a way for me to do the port forwarding directly on the server instead of through the hardware firewall?

Thanks!
Question by:jmerulla
4 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 38842270
No, there is not, and honestly, even port forwarding on the firewall is not a great solution.

If you are properly licensed and each connecting user has an RDS CAL, then you are already licensed to set up and use the RDGateway service. This is DESIGNED for this task. It will secure RDP sessions and proxy them via port 443, which almost every firewall in existence supports, no funky remapping required.
0
 
LVL 46

Expert Comment

by:Jackie Man
ID: 38842906
Does your ISP give you a range of real IP addresses?

If yes, try the following:

You can assign a real IP to the NIC of the server, so that you can access the server by:

   Real IP:443

But, it is not a good practice as it will be difficult to maintain security.

OR

You can buy a NAS with router features and assign a real IP to the NAS and put the NAS into the DMZ of your network. Then, port forward to the server 2008 R2 from the NAS.
0
 
LVL 2

Author Comment

by:jmerulla
ID: 38844335
The Cisco ASA firewall has NAT set up for the RDP server so when staff try to connect from outside to externalip:nonrdpport it forwards to internalip:3389. We've noticed that if we try to use that server for anything else on the ASA we get warnings about the port forwarding.

We don’t have the external IP address set up on the NIC of the server because staff sometimes have to access the RDP server internally (quick way to work if having computer issues).
0
 
LVL 18

Expert Comment

by:Netflo
ID: 38844675
I agree with cgaliher, RDG is the best and secure way to go. You can configure it on the current RDS and need a single name certificate. You only need to map 443 TCP to the internal server. All other RDC icons will need to be updated to be aware of the gateway settings and away you go.
0
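
The comment above notes that existing RDC icons must be updated with the gateway settings. The following is an added example, not part of the thread, that rewrites a saved .rdp file to go through an RD Gateway instead of the old forwarded port. The names rdgw.example.com and rds01.corp.example are assumptions; usage method 2 is chosen because staff also connect from inside the network.

```python
import codecs
from pathlib import Path

# Constructed sample of a saved .rdp file that still points at the old
# firewall port forward (host:port taken from the question).
SAMPLE = (
    "screen mode id:i:2\r\n"
    "full address:s:remote.domain.com:12345\r\n"
    "gatewayusagemethod:i:0\r\n"
)

def apply_gateway(rdp_text, gateway_host, internal_host):
    """Return rdp_text rewritten to reach internal_host through an RD Gateway."""
    wanted = {
        # Target the server by its internal name on the default port 3389.
        "full address": ("s", internal_host),
        "gatewayhostname": ("s", gateway_host),
        # 2 = use the gateway only when a direct connection cannot be made,
        # so the same icon still works from inside the LAN.
        "gatewayusagemethod": ("i", "2"),
        # 1 = use the gateway settings given explicitly in this file.
        "gatewayprofileusagemethod": ("i", "1"),
    }
    out, seen = [], set()
    for line in rdp_text.splitlines():
        key = line.split(":", 1)[0].strip().lower()
        if key not in wanted:
            out.append(line)          # unrelated setting: keep as-is
        elif key not in seen:         # first occurrence: overwrite
            typ, val = wanted[key]
            out.append(f"{key}:{typ}:{val}")
            seen.add(key)
        # later duplicates of a managed key are dropped
    for key, (typ, val) in wanted.items():
        if key not in seen:
            out.append(f"{key}:{typ}:{val}")
    return "\r\n".join(out) + "\r\n"

def update_file(path, gateway_host, internal_host):
    """Rewrite one .rdp file in place, keeping its encoding (UTF-16 if it has a BOM)."""
    raw = Path(path).read_bytes()
    bom = raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE))
    enc = "utf-16" if bom else "utf-8"
    new = apply_gateway(raw.decode(enc), gateway_host, internal_host)
    Path(path).write_bytes(new.encode(enc))

if __name__ == "__main__":
    # rdgw.example.com and rds01.corp.example are assumed names.
    print(apply_gateway(SAMPLE, "rdgw.example.com", "rds01.corp.example"))
```
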
