?
Solved

Using VPN to access Terminal Server.

Posted on 2013-06-09
4
Medium Priority
?
435 Views
Last Modified: 2013-06-10
Hello Guys,

I need to test something...i have a domain controller on windows server 2003 and a terminal server on windows 2003 server too.  I would need to give outside users access to that terminal server.  I have only a dlink switch 24 ports...ADSL routers...
I have heard about VPN client and im new on that.  Can you please show me the best approach how to give those users access to my terminal server!!
Is there a free or trial VPN software available to test that?
For your information i will use private ip address for the testing...Will it affect the testing?

Thanks for your answers..
0
Comment
Question by:techlabtest
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 70

Expert Comment

by:Qlemo
ID: 39232943
If "i will use private ip address for the testing" means you want to try it from inside your network - yes, that effects the test. You can test the terminal server connection in general, but not if is available for outside users.

For "publishing" the terminal server, you can use port forwarding for port 3389/tcp on your DSL router  - this will expose the terminal server to the public, however, and might be subject to attacks.

As you mentioned there are also VPNs as option. Windows OS implement a simple VPN protoocol server (PPTP), and that is what I would try to use here:
Set up Routing and Remote Access (RRAS) on a W2003 (or higher) server, and configure it for Remote Access (you will get asked by the Wizard, nothing complicated here to set up).
Then you'll need to allow port-forwarding for PPTP (1723/tcp) and GRE (protocol 47) on your DSL router - most have a specific "VPN passthru" setting, which bundles all necessary settings. The IP you need to provide is that of the RRAS server.
Having done that, you should be able to establish a VPN connection with the Windows client (just follow the Wizard here again), connecting against the public IP of your DSL router.

Warning! PPTP is flaky. In most cases, it just works, but you might encounter issues when trying with multiple connections, in particular from the same source (read: public IP). Troubleshooting is difficult, up to impossible. So it is worth a try and some fiddling, but if it does not work, we should try something different. In that case you should post details about the brand of your DSL router.
0
 
LVL 22

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 750 total points
ID: 39232947
The best approach is to have a firewall that has a corresponding mobile VPN client and set the VPN from the VPN client to the firewall.  This provides the least overhead for the server and the greatest security for the data flow.
0
 
LVL 97

Accepted Solution

by:
Experienced Member earned 750 total points
ID: 39232952
I agree that a separate firewall with VPN capabilities is the best way to go. For small businesses, Juniper (e.g. SSG5) and Cisco (RV042G) make good, inexpensive VPN routers that work well and are reliable. I do this for my own clients.

.... Thinkpads_User
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 39234254
@techlabtest - Thank you, and I was happy to help you with this.  ... Thinkpads_User
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question