Using VPN to access Terminal Server.

Posted on 2013-06-09
Last Modified: 2013-06-10
Hello Guys,

I need to test something...i have a domain controller on windows server 2003 and a terminal server on windows 2003 server too.  I would need to give outside users access to that terminal server.  I have only a dlink switch 24 ports...ADSL routers...
I have heard about VPN client and im new on that.  Can you please show me the best approach how to give those users access to my terminal server!!
Is there a free or trial VPN software available to test that?
For your information i will use private ip address for the testing...Will it affect the testing?

Thanks for your answers..
Question by:techlabtest
  • 2
LVL 69

Expert Comment

ID: 39232943
If "i will use private ip address for the testing" means you want to try it from inside your network - yes, that effects the test. You can test the terminal server connection in general, but not if is available for outside users.

For "publishing" the terminal server, you can use port forwarding for port 3389/tcp on your DSL router  - this will expose the terminal server to the public, however, and might be subject to attacks.

As you mentioned there are also VPNs as option. Windows OS implement a simple VPN protoocol server (PPTP), and that is what I would try to use here:
Set up Routing and Remote Access (RRAS) on a W2003 (or higher) server, and configure it for Remote Access (you will get asked by the Wizard, nothing complicated here to set up).
Then you'll need to allow port-forwarding for PPTP (1723/tcp) and GRE (protocol 47) on your DSL router - most have a specific "VPN passthru" setting, which bundles all necessary settings. The IP you need to provide is that of the RRAS server.
Having done that, you should be able to establish a VPN connection with the Windows client (just follow the Wizard here again), connecting against the public IP of your DSL router.

Warning! PPTP is flaky. In most cases, it just works, but you might encounter issues when trying with multiple connections, in particular from the same source (read: public IP). Troubleshooting is difficult, up to impossible. So it is worth a try and some fiddling, but if it does not work, we should try something different. In that case you should post details about the brand of your DSL router.
LVL 22

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 250 total points
ID: 39232947
The best approach is to have a firewall that has a corresponding mobile VPN client and set the VPN from the VPN client to the firewall.  This provides the least overhead for the server and the greatest security for the data flow.
LVL 94

Accepted Solution

John Hurst earned 250 total points
ID: 39232952
I agree that a separate firewall with VPN capabilities is the best way to go. For small businesses, Juniper (e.g. SSG5) and Cisco (RV042G) make good, inexpensive VPN routers that work well and are reliable. I do this for my own clients.

.... Thinkpads_User
LVL 94

Expert Comment

by:John Hurst
ID: 39234254
@techlabtest - Thank you, and I was happy to help you with this.  ... Thinkpads_User

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question