gacto

asked on

VPN Server Configuration

I have a Windows Server 2012 configured with VPN access. My primary reason for setting up VPN was to restrict access to a specific site that I had put in for "local" users only. However, now that I have VPN running, I would like to make the system more secure and force anyone who has RDP access to first connect via VPN, then via RDP. My question is this:

1. How do I force users to connect via VPN prior to initiating an RDP session?
2. Can I assign the user different credentials for VPN and RDP?
ASKER CERTIFIED SOLUTION
Mark Bill

gacto

ASKER

Mark,

The box I have is a hosted server through 1&1. I have complete access to the box for configuration, but I don't have any control over the firewall. I can look into the options offered by 1&1 to determine if they have firewall VPN configuration as an option. If I understand your suggestion, you are saying that I should handle VPN at the firewall level and then manage the user accounts and RDP on the box?
RDP is probably more secure than a Windows VPN.

However, you can either restrict access through Active Directory to RDP and/or VPN, or close port 3389 on your router. Users will be forced to connect through the VPN before using RDP.
We can also restrict access through the Windows OS advanced remote tab, or Windows Firewall.

Yes, VPN at firewall level, or an SSL VPN box behind that on the LAN, NATted from the WAN. I doubt very much 1 and 1 will give you access to anything like this.
It's also a security risk allowing RDP through a firewall, period. If it's open access from the Internet, this is not good.

Ask 1 and 1 whether you can have your own firewall; they should be able to situate one behind there.

A lot of these VPN utilities can even link to AD and let users use the same AD password for VPN.

ASKER

So I have done some research on the 1&1 system and the firewall I have access to has RDP access granted by default and it is not a configurable option. So using a hardware layer is not an option. My only options are through software and OS configurations.