cmdolcet

asked on

Accessing PCs from outside a network.

I have a user that would like to log onto a PC inside our network from outside. Do I just need to set him up with a user account and let him use the RDP connection?

I am unfamiliar with the setup.
pjam

They will need a VPN connection such as AT&T global network client and an RSA token.
Then they can RDP.
ASKER

pJam... when you talk about this... you mean they need to be hooked up to the internet, correct?
Yes, but they need to have a tunnel to your network. Your computers are probably on private IP numbers such as 10.x.x.x or 192.168.1.x while they are on their ISP's IP number.
pJam, yes, correct... so who would set up that tunnel, me or them? I have a user account all set up they can use... but how do you set that up?
David Johnson, CD
You have a public IP address that the world knows. Typically one has more than one machine that uses this public IP via a router, so you have to add a NAT (network address translation) rule which will route a protocol (TCP or UDP or both) and a port from outside to an IP address on the inside, i.e. RDP to 192.168.0.100.
public IP (24.12.34.56) -> TCP request on port 3389 -> router -> 192.168.0.100 (machine that will use RDP)
The machine with IP 192.168.0.100 will then authenticate the username and password, local firewall rule to allow TCP port 3389.

Creating a VPN requires more work.
ASKER CERTIFIED SOLUTION
Lee W, MVP

This solution is only available to members.
Lee W, I suggested that; however, they said this was industry standard and using GoToMyPC or Webex or Join.me or anything like that would take longer.
Well, whoever they are should be fired if they have ANY critical data they want to protect and keep people out of the network. Tell them if they aren't concerned about the security risks, just remove the antivirus while they're at it - since AV requires resources and firewall is all they need.

And when they look at you like you're an idiot for even suggesting it, tell them it's very similar to poking holes in the firewall / router to allow RDP and TSGrinder attacks.  IF you do this foolish thing, check your event logs - you'll start being hit daily with massive amounts of bad logins for accounts that don't exist... and HOPEFULLY, they guess RIGHT!
(Don't actually do that - but maybe print this and show them this post).
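
The advice above to check the event logs, as an added example that is not part of the original thread: this Python script summarizes failed logons per source IP and counts how many were for account names that do not exist. It assumes the Security log was exported with `wevtutil qe Security "/q:*[System[(EventID=4625)]]" /f:xml /e:Events`; event ID 4625 and the sub-status codes are standard Windows values not mentioned in the thread, and the sample records and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
NO_SUCH_USER = "0xc0000064"       # SubStatus: the account name does not exist
REMOTE_LOGON_TYPES = {"3", "10"}  # 3 = network (RDP with NLA), 10 = RemoteInteractive

def _event(ip, user, sub_status, logon_type="3"):
    """Build one constructed 4625 record shaped like wevtutil's XML output."""
    data = {"TargetUserName": user, "SubStatus": sub_status,
            "LogonType": logon_type, "IpAddress": ip}
    fields = "".join(f"<Data Name='{k}'>{v}</Data>" for k, v in data.items())
    return (f"<Event xmlns='{NS['e']}'><System><EventID>4625</EventID></System>"
            f"<EventData>{fields}</EventData></Event>")

# Constructed sample data (documentation IP ranges), not real log output.
SAMPLE = "<Events>" + "".join([
    _event("203.0.113.7", "admin", "0xC0000064"),
    _event("203.0.113.7", "administrator", "0xC000006A"),  # real account, bad password
    _event("203.0.113.7", "scanner", "0xC0000064"),
    _event("203.0.113.7", "test", "0xC0000064", "10"),
    _event("198.51.100.20", "jsmith", "0xC000006A", "10"),  # one mistyped password
    _event("-", "jsmith", "0xC000006A", "2"),               # console logon, ignored
]) + "</Events>"

def failed_logons(xml_text):
    """Yield (source_ip, user, sub_status) for each remote-logon 4625 event."""
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        d = {n.get("Name"): n.text or "" for n in ev.findall("e:EventData/e:Data", NS)}
        if d.get("LogonType") in REMOTE_LOGON_TYPES:
            yield d.get("IpAddress", "-"), d.get("TargetUserName", ""), d.get("SubStatus", "").lower()

def guessing_sources(xml_text, min_failures=3):
    """Map each noisy source IP to (failures, distinct users, unknown-account failures)."""
    per_ip = defaultdict(list)
    for ip, user, sub in failed_logons(xml_text):
        per_ip[ip].append((user.lower(), sub))
    return {ip: (len(rows), len({u for u, _ in rows}),
                 sum(1 for _, s in rows if s == NO_SUCH_USER))
            for ip, rows in per_ip.items() if len(rows) >= min_failures}

if __name__ == "__main__":
    for ip, (n, users, unknown) in guessing_sources(SAMPLE).items():
        print(f"{ip}: {n} failed logons, {users} usernames, {unknown} for nonexistent accounts")
```

A source that tries many different usernames, most of them nonexistent, is guessing rather than a legitimate user mistyping a password.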