VPN Server Configuration

I have a Windows Server 2012 configured with VPN access. My primary reason for setting up VPN was to restrict access to a specific site that I had put in for "local" users only. However now that I have VPN running I would like to make the system more secure and force anyone who has RDP access to first connect via VPN, then via RDP. My question is this:

1. How do I force users to connect via VPN prior to initiating an RDP session?
2. Can I assign the user different credentials for VPN and RDP?
gacto Asked:

Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
1. How do I force users to connect via VPN prior to initiating an RDP session?
2. Can I assign the user different credentials for VPN and RDP?

1. Disable RDP packets coming to your firewall on the untrusted interface?
2. You can if you use a different system.

3. I really do not recommend this setup at all. Use a SonicWall firewall; even the entry level clients will facilitate all of what you need here. If you have some money, put in a SonicWall firewall and a SonicWall SSL VPN box behind that, or else just buy a SonicWall firewall with SSL VPN function built into it. You could also use a WatchGuard firewall; they are pretty good too.

M

gacto (Author) Commented:
Mark,

The box I have is a hosted server through 1&1. I have complete access to the box for configuration but I don't have any control over the firewall. I can look into the options offered by 1&1 to determine if they have firewall VPN configuration as an option. If I understand your suggestion you are saying that I should handle VPN at the firewall level and then manage the user accounts and RDP on the box?
Rob Williams Commented:
RDP is probably more secure than a Windows VPN.

However you can either restrict access through Active Directory to RDP and/or VPN, or close port 3389 on your router. Users will be forced to connect through the VPN before using RDP.
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
We can also restrict access through the Windows OS advanced remote tab, or Windows Firewall.

Yes, VPN at firewall level or an SSL VPN box behind that on the LAN, NATted from the WAN. I doubt very much 1 and 1 will give you access to anything like this.
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
It's also a security risk allowing RDP through a firewall, period. If it's open access from the Internet this is not good.

Ask 1 and 1 whether you can have your own firewall; they should be able to situate one behind there.

A lot of these VPN utilities can even link to AD and let users use the same AD password for VPN.
gacto (Author) Commented:
So I have done some research on the 1&1 system and the firewall I have access to has RDP access granted by default and it is not a configurable option. So using a hardware layer is not an option. My only options are through software and OS configurations.