Announcement

Collapse
No announcement yet.

TS Gateway behind a router...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • TS Gateway behind a router...

    OK the situation I have is a Virgin Media Cable connection @ 10Mbits connecting to a Netgear WPN824v2 Router (which can only forward incoming ports to the same port - GRRR!)

    My Windows Server 2008 is on internal IP 192.168.1.200 (fixed by Router DHCP), my W7 laptop is on 192.168.1.100 (fixed by router DHCP).

    I have installed Term Servs, TS Licensing, TS Gateway and TS Web Access on my server, and can RDP to all my internal machines from other internal machines by TS Web Access (by entering https://<WAN IP>/ts )

    At work I have a desktop running on W7, behind a firewall which explicitly blocks port 3389 TCP/UDP outgoing. My colleague has TS Gateway working at work to his home PC.

    I can connect to the web interface and see the published apps on the interface; but when I try to RDP to an internal PC I can't - it can't find the internal machines either by IP or name. It LOOKS LIKE the TS Web Access session thinks that "Local IPs" are the ones at work, NOT at home; so obviously it can't find the internal ones at home.

    On the router I have ports 3389, 443 and 8767 forwarded directly to the TS Gateway server. There is no Windows Domain, all are in a workgroup.

    Can anyone please help me move this on? Thanks in advance...


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

  • #2
    Re: TS Gateway behind a router...

    I've got this work fine.

    First all you should need is port 443 forwarded from your router to your TSGateway server. You also need to install the self signed certificate that was created when you installed / configured TSGateway on your server on your works PC. The certificate needs to be a valid A host i.e TSG.domain.com and this needs to resolve to your external IP address (I use zoneedit.com to host my external domains)

    Once you have all that you should be able to configure RDP to use a TSGateway that matches your certificate and then connect to a server on your internal LAN.

    Hope it makes sense.

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: TS Gateway behind a router...

      Certificate?! What certificate?! LOL

      I specified "use a home-grown certificate" during installation but it didn't ask me to actually CREATE one....?!


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: TS Gateway behind a router...

        By default it stores the certificate in:

        c:\users\%username%\documents.

        You can create a new on by going to Start -> Administrative Tools -> Remote Desktop Services -> Remote Desktop Gateway Manager and right clicking on the server node and selecting properties. You then have the tab along the top that says SSL Certificate. Create a new self-signed certificate and follow the instructions.

        Import the new certificate on your work machine (Make sure if goes in the local computer Trusted root certificate store)

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: TS Gateway behind a router...

          Thanks man I'll give it a shot...


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you

          Comment

          Working...
          X