• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 439
  • Last Modified:

Using VPN to access Terminal Server.

Hello Guys,

I need to test something...i have a domain controller on windows server 2003 and a terminal server on windows 2003 server too.  I would need to give outside users access to that terminal server.  I have only a dlink switch 24 ports...ADSL routers...
I have heard about VPN client and im new on that.  Can you please show me the best approach how to give those users access to my terminal server!!
Is there a free or trial VPN software available to test that?
For your information i will use private ip address for the testing...Will it affect the testing?

Thanks for your answers..
0
techlabtest
Asked:
techlabtest
  • 2
2 Solutions
 
QlemoC++ DeveloperCommented:
If "i will use private ip address for the testing" means you want to try it from inside your network - yes, that effects the test. You can test the terminal server connection in general, but not if is available for outside users.

For "publishing" the terminal server, you can use port forwarding for port 3389/tcp on your DSL router  - this will expose the terminal server to the public, however, and might be subject to attacks.

As you mentioned there are also VPNs as option. Windows OS implement a simple VPN protoocol server (PPTP), and that is what I would try to use here:
Set up Routing and Remote Access (RRAS) on a W2003 (or higher) server, and configure it for Remote Access (you will get asked by the Wizard, nothing complicated here to set up).
Then you'll need to allow port-forwarding for PPTP (1723/tcp) and GRE (protocol 47) on your DSL router - most have a specific "VPN passthru" setting, which bundles all necessary settings. The IP you need to provide is that of the RRAS server.
Having done that, you should be able to establish a VPN connection with the Windows client (just follow the Wizard here again), connecting against the public IP of your DSL router.

Warning! PPTP is flaky. In most cases, it just works, but you might encounter issues when trying with multiple connections, in particular from the same source (read: public IP). Troubleshooting is difficult, up to impossible. So it is worth a try and some fiddling, but if it does not work, we should try something different. In that case you should post details about the brand of your DSL router.
0
 
Larry Struckmeyer MVPCommented:
The best approach is to have a firewall that has a corresponding mobile VPN client and set the VPN from the VPN client to the firewall.  This provides the least overhead for the server and the greatest security for the data flow.
0
 
John HurstBusiness Consultant (Owner)Commented:
I agree that a separate firewall with VPN capabilities is the best way to go. For small businesses, Juniper (e.g. SSG5) and Cisco (RV042G) make good, inexpensive VPN routers that work well and are reliable. I do this for my own clients.

.... Thinkpads_User
0
 
John HurstBusiness Consultant (Owner)Commented:
@techlabtest - Thank you, and I was happy to help you with this.  ... Thinkpads_User
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now