Link to home
Start Free TrialLog in
Avatar of gebigler
gebiglerFlag for United States of America

asked on

Change port for terminal servers (2000 and 2003)

We access two of our terminal servers using a public address and port 3389.  Some hackers were trying to get in using that route.  One suggestion I received is to change the port.  I've read how to change it via registry - so I know to back up registry, change setting and reboot.  I also know what the user has to do to modify how they come in (add :xxxx to the IP address).  

How do I choose a port?  I have a list of common ports.  Do I just pick any port that's not on that list (up to 65535)?  

Is there a better way to do this.  We use ASA5505.  

Thanks!
ASKER CERTIFIED SOLUTION
Avatar of Toni Uranjek
Toni Uranjek
Flag of Slovenia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of gebigler

ASKER

And are ports on the server level rather than network level?  i.e. Server1 could use port 10000 and Server2 could use 10001 for RDP?  I guess my question really is do I only have to look at the ports being used on the server where I want to change ports, not on the firewall?  I don't want to create any conflicts.  

Thanks!
If I understand correctly, you currently access you servers by:

PublicIP1, port 3389
and
Public IP2, port 3389?

I'm not really familiar with ASA access rules, but if is possible to redirect any port to any port, you can only change rules. I do work with ISA and TMG and this is easy to set up.

If ASA can not translate ports, then you will have to change ports on server AND ASA.