Need to RDP through Cisco 1841 to TS Gateway hostname

Status
Not open for further replies.

micser

IS-IT--Management
Jan 31, 2012
2
US
Hi All,

First, I am a router novice, but I've worked enough with them to get through this issue with some help.

I set up an MS Terminal Server infrastructure in my internal network and it is working fine on the LAN. Basically, we connect to the terminal server using RDP through the TS Gateway first. Remote access is now required so I installed the purchased SSL certificate to the TS Gateway. Everything is still working fine internally.

The problem is that I cannot connect from the WAN via RDP. From what I understand, the FQDN of the TS Server (ex. computer.domain.lan) has to resolve on the WAN interface of the router. I think I have to reconfigure NAT, open and/or map ports (perhaps SSL 443 and RDP 3389), and add some ACL settings.

The router is set up very basic. There is no firewall in between as of yet, so it should be relatively easy for any of you gurus out there to figure this one out.

Please help me out here.
 
Here is my current config if this helps out.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Building configuration...

Current configuration : 2153 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EHCHS-R01
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
!
dot11 syslog
ip cef
!
!
!
!
ip name-server 66.155.216.122
ip name-server 207.59.153.242
ip name-server 66.251.35.130
ip name-server 192.168.1.7
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username xxxxxxx privilege 15 secret 5 xxxxxx
!
!
archive
 log config
  hidekeys
!
!
!
policy-map shape_policy
 class class-default
  shape average 10000000
!
!
!
!
interface FastEthernet0/0
 description Metro Eth WAN to PAETEC$ETH-WAN$
 bandwidth 10000
 ip address xxx.xx.xxx.xx 255.255.255.252
 ip access-group NOSPOOF in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 no cdp enable
 max-reserved-bandwidth 100
 service-policy output shape_policy
!
interface FastEthernet0/1
 description BNHC LAN$ETH-LAN$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xx.xxx.xx
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
banner motd ^C
************************************************
You are attempting to access a private network.
Unauthorized logins/access is restricted. Any
attempt to access this device or devices on this
network without prior authorization from the onwer
is illegal and violators will be prosecuted to the
fullest extent of the law.
************************************************
^C
!
line con 0
 exec-timeout 30 0
 logging synchronous
line aux 0
 exec-timeout 30 0
 logging synchronous
line vty 0 4
 exec-timeout 30 0
 logging synchronous
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end
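
Added example (not part of the original post or the poster's configuration): a sketch of the NAT and ACL changes the post asks about, publishing only TCP 443 because TS Gateway carries RDP inside HTTPS, so 3389 stays closed on the WAN. The gateway address 192.168.1.10, the WAN address 203.0.113.2 and the ACL name WAN-IN-EXAMPLE are assumptions.

```cisco
! Added example, not the poster's configuration.
! Assumptions: 192.168.1.10 = TS Gateway LAN address (placeholder),
! 203.0.113.2 = router WAN address (documentation-range placeholder),
! WAN-IN-EXAMPLE = hypothetical ACL name.
!
! Static PAT: publish only HTTPS on the WAN interface address.
! TS Gateway carries RDP inside HTTPS, so TCP 3389 is not forwarded.
ip nat inside source static tcp 192.168.1.10 443 interface FastEthernet0/0 443
!
! Inbound filter for FastEthernet0/0. The inbound ACL is checked before
! NAT, so the permit matches the public (WAN) address, not 192.168.1.10.
ip access-list extended WAN-IN-EXAMPLE
 remark RDP-over-HTTPS to the TS Gateway
 permit tcp any host 203.0.113.2 eq 443
 remark replies to sessions opened from the LAN
 permit tcp any any established
 permit udp any eq domain any
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 remark everything else, including direct RDP, is dropped and logged
 deny tcp any any eq 3389 log
 deny ip any any log
!
! Only one inbound ACL can be bound to an interface. The posted config
! already binds NOSPOOF there (its entries are not shown), so merge its
! anti-spoofing entries with the lines above rather than discarding them;
! the binding below assumes the merged list carries this name.
interface FastEthernet0/0
 ip access-group WAN-IN-EXAMPLE in
!
! Verify from the console after an external connection attempt:
!   show ip nat translations
!   show ip access-lists WAN-IN-EXAMPLE
```

Remote clients validate the gateway's SSL certificate against the name they connect to, so that name needs a public DNS record pointing at the WAN address.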
