Port forwarded RDP connections blocked to terminal servers
  • Port forwarded RDP connections blocked to terminal servers

    I've just recently taken over administration of a client that has in place three physical servers comprising a domain controller (running Server 2003 R2) and a load-balanced terminal server (the other two servers both running 2003).
    The DC runs ISA and RRAS using two NICs, one connected to the internal network and the other directly connected to an ADSL modem for internet access.
    The TS boxes both have two NICs and all are connected as NLB.
    All this works very well with internal clients and clients connected remotely via IPsec tunnels to a Cisco PIX on the internal network.
    I can, via the DC's internet connection, RDP in via the ADSL's static public IP with no problems.
    My problem is that because I've only got one PIX for remote clients (again connected to the internet via an ADSL modem) my remote connections are getting very congested; however, when I connected two more ADSL modems into the internal LAN and port forwarded 3389 to my terminal server IP, I can't get a link.
    I've tested both modems, both are connected to the internet OK, both can port forward to a test system via 3389 on the same LAN, I can see the web admin page on both modems from the DC via IE, but cannot get an RDP session running.
    I figured that because my local clients can connect OK and I can RDP in via the DC's internet port (via its public IP), ISA is configured OK.
    Is there somewhere else that can have restrictions on access? I've checked all rules in ISA, RRAS and NLB and can't see any reason why it shouldn't work.

    I will get some firewall appliances eventually for the two new ADSL modems, but in the meantime I need to allow people access from remote sites without congesting the two links I have available. (I'm already sharing some connections on the internet access modem of the DC.)

    If this all sounds confusing, it is, and it's taken me a long time to figure out how this system has been set up.

  • #2
    Re: Port forwarded RDP connections blocked to terminal servers

    Hi,

    I guess that you have a routing issue and not a TS issue.
    You will need to enable a second (published) IP on the PIX, external DC,
    etc., and set up routing rules.
    I don't recommend opening the TS port to the world due to the security risk.
    Also, I'm thinking that a redesign of the network is recommended.
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14


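    Reply #2 attributes the failure to routing rather than to the terminal server. The following is an added illustration, not code from the thread, of the most common form that problem takes in this topology: the terminal server's default gateway is the DC/ISA box, so replies to a SYN that arrived through one of the new modems leave through the DC instead and the handshake never completes. The addressing, the modem LAN IPs and the assumption that the modems do plain port forwarding without source NAT are all constructed for the example.

    ```python
    import ipaddress

    # Constructed topology, assumed from the thread (not the poster's real addressing):
    # the terminal server sits on 192.168.1.0/24, its default gateway is the DC running
    # ISA/RRAS, and two new ADSL modems on the same LAN DNAT tcp/3389 to it.
    ROUTES = [
        # (destination prefix, next hop) -- longest prefix wins
        ("192.168.1.0/24", "direct"),      # internal LAN, directly connected
        ("0.0.0.0/0", "192.168.1.1"),      # default gateway = DC (ISA/RRAS)
    ]
    MODEM_A, MODEM_B = "192.168.1.2", "192.168.1.3"   # constructed modem LAN IPs

    def next_hop(dst, routes=ROUTES):
        """Longest-prefix-match lookup, as the terminal server's IP stack does for a reply."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, hop in routes:
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None

    def reply_path_ok(reply_dst, ingress_modem_ip, routes=ROUTES):
        """True only if the SYN-ACK leaves via the modem that forwarded the SYN.

        With plain port forwarding the modem does not rewrite the source address, so
        the reply is addressed to the client's public IP and follows the routing table
        out through the default gateway (the DC). The DC has no NAT state for that
        flow, the client sees the reply from the wrong public IP (or never sees it),
        and the RDP session never starts: asymmetric routing, not an ISA/NLB rule.
        """
        hop = next_hop(reply_dst, routes)
        return hop == ingress_modem_ip or (hop == "direct" and reply_dst == ingress_modem_ip)

    def with_return_route(client_prefix, ingress_modem_ip, routes=ROUTES):
        """The 'routing rules' fix from reply #2: a more specific route for the remote
        site's address range pointing back at the modem that forwarded its traffic."""
        return [(client_prefix, ingress_modem_ip)] + list(routes)

    def with_modem_snat(ingress_modem_ip):
        """Alternative: if the modem also source-NATs forwarded traffic, replies go to the
        modem's own LAN IP, which is directly connected. Works without host routes, but
        the terminal server logs then show the modem's IP instead of the real client,
        which weakens logon auditing of an exposed RDP service."""
        return ingress_modem_ip   # the reply destination the TS now sees
    ```

    Running `reply_path_ok("203.0.113.10", MODEM_B)` reproduces the poster's symptom (the reply goes to the DC), while adding a return route for the remote site, or source NAT on the modem, makes the same check pass.
    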

    • #3
      Re: Port forwarded RDP connections blocked to terminal servers

      Not sure about routing, as both modems' LAN connections are on the same range as the DC. They're configured straight up as basic port forwarding.

      I would like to consolidate all this hardware into something a bit more simplified, e.g. a Cisco router with ADSL WICs, and set up IPsec tunnels with the existing remote branch firewalls and maybe use VPN connections for the other sites that have just internet connections.
      My max outbound connection is a 512 sync ADSL connection, so I'll need multiple connections to a router.

      Any thoughts on hardware I could use?



      • #4
        Re: Port forwarded RDP connections blocked to terminal servers

        Hi,

        Please review the guide:

        http://www.isaserver.org/tutorials/T...all-Part1.html

        The PIX is the "NAT" device and the "ISA" is your ISA server.

        I recommend using Check Point R65 Power UTM instead of the PIX and buying a Cisco 1841/2811 router for the connection to the ISP (not in NAT mode).
        It will give higher protection and ease of use.
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14
