Hello,
Back with my previous company the network was set up so that I could access a certain server by typing in the IP address through remote desktop. Once I was in I could remote to any other server on the network through this particular server. I did not need to establish VPN or anything.
Currently, we are trying to get this going on a new rack server. This server is under a different firewall, different ISP, and different domain. What is the best way to establish a connection via RDP through an IP address? Am I going to have to establish a VPN? Is it possible to remote desktop to its public IP address without a VPN connection? Any help or advice would be welcome since I am new to networking. Thank you in advance.
13 Replies
This is pretty easy to set up; however, do you have access to the firewall for the new rack server? If the server is going to have a public IP and has the proper port 3389 open then you should be able to connect to the server without the need to establish a tunnel.
decode is an IT service provider.
RDP gateway?
//alittlestrange.com/tfoa/2009/11/06/intro-to-windows-2008-r2-remote-desktop-gateway
Verecloud is an IT service provider.
I would recommend either the gateway or a VPN product. Having a public IP with the RDP port open is just asking for trouble, especially if you have multiple users and passwords that are not changed on the account every 3 months with sophisticated logging and monitoring to detect intrusions.
OpenVPN is a pretty good tool for cheap secure connectivity.
As Astral mentioned, you will need to open port 3389 [Default RDP Port] on our firewall. Depending on your setup, you will most likely need to set up NAT on the firewall and assign a static public IP to the internal address of the server and then make sure port 3389 is open for that NAT translation.
I would advise against that, especially if it's a server you are doing this for. Possibly set up an old workstation as the machine you log into first if you want to avoid the VPN.
Russell_W wrote:
I would recommend either the gateway or a VPN product. Having a public IP with the RDP port open is just asking for trouble, especially if you have multiple users and passwords that are not changed on the account every 3 months with sophisticated logging and monitoring to detect intrusions.
OpenVPN is a pretty good tool for cheap secure connectivity.
I highly agree with Russell. We once had access to our terminal server via an open 3389 port, and all of a sudden I noticed connections from Taiwan and Japan. I quickly closed that port and required a VPN connection, or RWW.
I agree with Nick. Get yourself a VPN or SSL product like the SonicWall SSL200.
It's easy as pie, and wicked secure.
Echoing what came before.
I use our ClearOS firewall and use security thru obscurity and have a random port forwarded to 3389 on the server. It was super simple to set up.
Thanks for the replies. So the easiest/less secure route is to simply open up port 3389 on the firewall and that should then allow me to access the server via public IP?
YoungITPro wrote:
Thanks for the replies. So the easiest/less secure route is to simply open up port 3389 on the firewall and that should then allow me to access the server via public IP?
Yes. It is insecure, but it will allow you to connect remotely via RDP w/ IP address. If you are doing it short term, have strong passwords, etc. then it is ok, but for a long term solution, use a VPN.
You can also use a non-standard port to the cloud and use your firewall to translate to 3389 internally [i.e. connect from remote on port 46712 and your firewall knows to forward that as 3389 internally to your destination server].
Brand Representative for Contronex - G Data Distributor
If you are going to do the public IP route, I would at least change the port number. It is a quick fix in the registry, so then people wouldn't have an idea of the RDP port at least, then just set a forward up in the router to the server.
Thanks for all the info guys. Was my first time messing around with the firewall. A good learning experience. Thanks for everything.
And don't forget to make sure the server you are RDP-ing TO has March's MS-updates installed so you're exposing a known vulnerability in RDP to an internet facing connection.
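Several replies above mention monitoring a forwarded RDP port and noticing connections from unexpected places, including when a non-standard external port such as 46712 is used. As an added example (not part of the original thread), this Python script reviews firewall connection records for the forwarded port and reports sources outside the expected admin range, flagging bursts. The log layout, the allowlisted range and the thresholds are assumptions, and the sample lines are constructed with documentation addresses.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a made-up "timestamp,src_ip,dst_port,action" layout
# (not any real firewall's log format). Addresses are documentation ranges.
SAMPLE_LOG = """\
2024-01-10T08:00:01,198.51.100.7,46712,ALLOW
2024-01-10T08:00:03,203.0.113.50,46712,ALLOW
2024-01-10T08:00:04,203.0.113.50,46712,ALLOW
2024-01-10T08:00:06,203.0.113.50,46712,ALLOW
2024-01-10T08:00:09,203.0.113.50,46712,ALLOW
2024-01-10T08:00:11,203.0.113.50,46712,ALLOW
2024-01-10T09:15:00,192.0.2.99,46712,ALLOW
2024-01-10T09:20:00,192.0.2.99,443,ALLOW
2024-01-10T09:30:00,198.51.100.7,46712,ALLOW
"""

RDP_FORWARD_PORTS = {3389, 46712}  # external ports forwarded to RDP (assumed)
EXPECTED_SOURCES = [ipaddress.ip_network("198.51.100.0/28")]  # assumed admin range
BURST_COUNT, BURST_WINDOW = 5, timedelta(seconds=60)  # assumed thresholds

def review_rdp_connections(log_text):
    """Return {src_ip: {"count": n, "burst": bool}} for unexpected sources."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the review
        try:
            when = datetime.fromisoformat(parts[0])
            ip = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue
        if parts[3] != "ALLOW" or port not in RDP_FORWARD_PORTS:
            continue
        if any(ip in net for net in EXPECTED_SOURCES):
            continue  # expected admin source
        seen[str(ip)].append(when)
    findings = {}
    for src, stamps in seen.items():
        stamps.sort()
        # Burst: BURST_COUNT connections falling inside one BURST_WINDOW.
        burst = any(stamps[i + BURST_COUNT - 1] - stamps[i] <= BURST_WINDOW
                    for i in range(len(stamps) - BURST_COUNT + 1))
        findings[src] = {"count": len(stamps), "burst": burst}
    return findings

if __name__ == "__main__":
    for src, info in sorted(review_rdp_connections(SAMPLE_LOG).items()):
        print(src, info)
```

The non-standard port shows up in the results exactly as 3389 would, so the review has to cover whichever external port is forwarded.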