
Setup remote access to server - VPN?

Status
Not open for further replies.

scriggs

IS-IT--Management
Jun 1, 2004
286
GB
I have a Windows SBS 2003 install and want to set up remote access.

As a simple test I just port forwarded the relevant ports from our firewall to the server.

I am aware this is not a secure method and want to set up a secure access.

Can anyone give me a brief idea of how to achieve this? I assume a VPN connection, then log in to the network (i.e. terminal services).

Can anyone actually give me a bit of a step-by-step?
 
You can use terminal services with a VPN connection. With "administration only" licensing you can only use 2 connections at a time to the server.

Setting up the VPN connection requires a firewall or some kind of VPN server. Do you have a firewall? If not, you can use a Windows 2003 server as a VPN server.

See here:

It's a lot easier with a PIX or other firewall.

Once you have the VPN connection set up, you can simply open a remote desktop connection on the client PC to the inside IP address of the server. Or, you can set up Remote Desktop Web Connection on the server.

See here:
 
Thanks, that's just what I was looking for. A couple of queries:

1. On the firewall I assume the only port I need to open is the VPN port, no other ports like 80, 443, etc. That is why connecting over VPN is more secure?

2. In your experience do VPN setups need a proprietary client? We have a Netgear VPN router which needs a client which is difficult to administer for non-techies.

3. Once the VPN is connected, I assume the user needs to start a TS connection and enter the internal IP address (or use local DNS resolution). Is there any way to get this automated so that it is automatic?
 
When you set up the VPN connection on the firewall, it's OK to let all ports through. (If you have a secure connection, there's no reason not to, and it'll make network browsing, share access, etc. a lot easier.) When you set up the VPN connection on the firewall, you should either specify a pool of IP addresses and your internal DNS server, or specify an internal DHCP server for the VPN client. This way the VPN client machine gets an address on your internal network, your internal DNS, WINS, etc.

There is no need for a proprietary VPN client. You can configure a PPTP or L2TP connection on the client, as long as you allow it on the firewall VPN setup.

Once the VPN is open you can have the user start the remote connection using the internal IP address of the server. To make it automatic you can download the Remote Desktop MMC snap-in, which will save the connection settings for multiple remote control sessions.

Try using Remote Desktop Web Connection, which I use. The users just go to desktop.domain.com and they get right in on port 80 after logging in. Once you set it up, it's the easiest way to connect. You can set it up with SSL or a certificate if you want to make it more secure.
 
Guys, this is SBS which already provides a specific and secure interface for this.

Remote Web Workplace is what you should be using. Your firewall should only need the following ports to be open:

25 (SMTP)
80 (HTTP)
123 (TIME SERVICE)
443 (HTTPS)
4125 (Remote Web Workplace)

If you walked through the "Connect to the Internet" wizard in the SBS ToDo list, then it will have configured a Certificate for you. If you did not select to allow RWW then just re-run the wizard and it will configure the server for you.

Note that if you have modified any users to not use the Default Recipient Policy from Exchange you may need to reconfigure those changes after running the Wizard.

Opening port 3389 for RDP access is not considered secure.

WanGuy2's suggestion of using the Web interface is also a good one.

I hope you find this post helpful.

Regards,

Mark
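
An added example, not part of Mark's post: a small check, run from outside your own network, that compares the TCP ports actually reachable on your public address with the list above and flags 3389 if the earlier port-forwarding test left it open. The function names are hypothetical, and 123 is left out because the time service is NTP over UDP, which a TCP connect cannot test.

```python
import socket
import sys

# TCP ports from the list above. 123 (time service) is NTP over UDP,
# so a TCP connect check says nothing about it and it is excluded here.
ALLOWED_TCP = {25, 80, 443, 4125}
# Port the post says should not be exposed: 3389 (RDP).
ALSO_PROBE = {3389}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as closed.
        return False


def audit(host, allowed=ALLOWED_TCP, extra=ALSO_PROBE, probe=tcp_open):
    """Probe allowed and extra ports on host.

    Returns (unexpected_open, allowed_but_closed) as sorted lists:
    unexpected_open    - reachable ports that are not on the allowlist
    allowed_but_closed - allowlisted ports that did not answer
    """
    reachable = {p for p in (set(allowed) | set(extra)) if probe(host, p)}
    unexpected = sorted(reachable - set(allowed))
    missing = sorted(set(allowed) - reachable)
    return unexpected, missing


if __name__ == "__main__":
    # Usage: python port_audit.py <your own public hostname or IP>
    target = sys.argv[1]
    unexpected, missing = audit(target)
    for port in unexpected:
        print(f"EXPOSED  tcp/{port} answers but is not on the allowlist")
    for port in missing:
        print(f"closed   tcp/{port} is on the allowlist but did not answer")
    # Non-zero exit when something unexpected is reachable.
    sys.exit(1 if unexpected else 0)
```
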
 
Thanks for the reply guys.

Mark, I have activated RWW but had 2 issues with it:
1. I wasn't confident it is secure - my understanding is that a VPN is much better
2. RWW gives access to individual workstations which are left on. I want access to a terminal server install.
 
I wouldn't use the SBS server as the VPN. You need to set up a separate server with ISA running on it; this way you can set up your VPN and restrict access to the rest of your network. If you already have a firewall in place then you could just set up a server running "routing and remote access" and have the firewall forward requests to it. Check out they have some really great scenarios and walkthroughs
 
RWW can give you access to the server too. You have to connect with Admin credentials.

All RWW traffic is encrypted so it IS secure.

I hope you find this post helpful.

Regards,

Mark
 