Using VPN to access Terminal Server.

Posted on 2013-06-09
Last Modified: 2013-06-10
Hello Guys,

I need to test something...i have a domain controller on windows server 2003 and a terminal server on windows 2003 server too.  I would need to give outside users access to that terminal server.  I have only a dlink switch 24 ports...ADSL routers...
I have heard about VPN client and im new on that.  Can you please show me the best approach how to give those users access to my terminal server!!
Is there a free or trial VPN software available to test that?
For your information i will use private ip address for the testing...Will it affect the testing?

Thanks for your answers..
Question by:techlabtest
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 70

Expert Comment

ID: 39232943
If "i will use private ip address for the testing" means you want to try it from inside your network - yes, that effects the test. You can test the terminal server connection in general, but not if is available for outside users.

For "publishing" the terminal server, you can use port forwarding for port 3389/tcp on your DSL router  - this will expose the terminal server to the public, however, and might be subject to attacks.

As you mentioned there are also VPNs as option. Windows OS implement a simple VPN protoocol server (PPTP), and that is what I would try to use here:
Set up Routing and Remote Access (RRAS) on a W2003 (or higher) server, and configure it for Remote Access (you will get asked by the Wizard, nothing complicated here to set up).
Then you'll need to allow port-forwarding for PPTP (1723/tcp) and GRE (protocol 47) on your DSL router - most have a specific "VPN passthru" setting, which bundles all necessary settings. The IP you need to provide is that of the RRAS server.
Having done that, you should be able to establish a VPN connection with the Windows client (just follow the Wizard here again), connecting against the public IP of your DSL router.

Warning! PPTP is flaky. In most cases, it just works, but you might encounter issues when trying with multiple connections, in particular from the same source (read: public IP). Troubleshooting is difficult, up to impossible. So it is worth a try and some fiddling, but if it does not work, we should try something different. In that case you should post details about the brand of your DSL router.
LVL 22

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 250 total points
ID: 39232947
The best approach is to have a firewall that has a corresponding mobile VPN client and set the VPN from the VPN client to the firewall.  This provides the least overhead for the server and the greatest security for the data flow.
LVL 95

Accepted Solution

John Hurst earned 250 total points
ID: 39232952
I agree that a separate firewall with VPN capabilities is the best way to go. For small businesses, Juniper (e.g. SSG5) and Cisco (RV042G) make good, inexpensive VPN routers that work well and are reliable. I do this for my own clients.

.... Thinkpads_User
LVL 95

Expert Comment

by:John Hurst
ID: 39234254
@techlabtest - Thank you, and I was happy to help you with this.  ... Thinkpads_User

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question