Change port for terminal servers (2000 and 2003)

We access two of our terminal servers using a public address and port 3389.  Some hackers were trying to get in using that route.  One suggestion I received is to change the port.  I've read how to change it via registry - so I know to back up registry, change setting and reboot.  I also know what the user has to do to modify how they come in (add :xxxx to the IP address).  

How do I choose a port?  I have a list of common ports.  Do I just pick any port that's not on that list (up to 65535)?  

Is there a better way to do this.  We use ASA5505.  

Thanks!
gebiglerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Toni UranjekConsultant/TrainerCommented:
You can use any free and not "well known" port. Go for numbers over 10.000.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gebiglerAuthor Commented:
And are ports on the server level rather than network level?  i.e. Server1 could use port 10000 and Server2 could use 10001 for RDP?  I guess my question really is do I only have to look at the ports being used on the server where I want to change ports, not on the firewall?  I don't want to create any conflicts.  

Thanks!
0
Toni UranjekConsultant/TrainerCommented:
If I understand correctly, you currently access you servers by:

PublicIP1, port 3389
and
Public IP2, port 3389?

I'm not really familiar with ASA access rules, but if is possible to redirect any port to any port, you can only change rules. I do work with ISA and TMG and this is easy to set up.

If ASA can not translate ports, then you will have to change ports on server AND ASA.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.