Connecting to a computer when there is more than one behind a rou

Anthony

I appreciate the help so far.
I have another dilemma that I am not sure how to get around. I am trying to
remote to a computer through the Internet. The host is a client on a business
network and behind a Sonicwall device. The client is at a residence and
connected to a wireless router. My question is, if you use the ISP-assigned
IP address and there is more than one computer behind the router on the
client end, how do you define which one of those computers to connect to? You
have set up a static IP address on the computer you want to connect to, but
the router would have to route the incoming request to that computer. How
does that work?
 
Bob Lin (MS-MVP)

You will do port forwarding on those routers. Then modify the default port
3389 to another port #. This how-to may help.
Terminal Service
How to modify Terminal Server's accessing port. How to Print to a
Local Network Printer in TS How to redirect TS client printers ...
www.howtonetworking.com/server/ts.htm


--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
 
JAMiE132

Hi Anthony,

As already stated by the others, you could use static routes to a specific
client, and if you have more than one client that you want to RDP to on the LAN
you can change the port used to establish an RDP connection; however, I think
VPN would be a better solution and will also enable you to monitor the access
to the LAN.

Regards,

Jamie
 
JAMiE132

Perhaps I wasn't entirely clear yesterday. To enable access through a
firewall you would need to allow access inbound to the specific port on the
firewall device. In this case it would be port 3389. You would then create a
static address translation route to a specific client on 3389, aka port
forwarding.

i.e. on a Cisco PIX firewall 501 (I have one at home; a very inexpensive device
that allows for 10 VPN connections using Cisco's secure VPN client or Microsoft's
VPN client)

static (inside,outside) tcp interface 3389 192.168.0.3 3389 netmask 255.255.255.255 0 0

A VPN would open up the entire network to traffic. This may not be a
desirable security risk. Connecting to just an RDP session opens only that
machine (and whatever internal resource the logged-in account can access
from it).

I am not sure of your knowledge of VPNs and security as a whole; however, I and
any security officer I know would never recommend opening 3389 to an internal
network via the internet. The difference between using RDP and VPN is security.
A VPN can be tied down more than an RDP session. One example would be split
tunneling, as this would isolate the client except for the traffic that is
going down the VPN tunnel; another feature would be routing rules.

Using a VPN would also require a two-step process to connect.
One to 'dial' the VPN and then another to connect to the internal host.
Using port forwarding would require only one step, a connection to the
machine:portnumber

A two-step process to log on is far better and more secure than just typing an
IP address or DNS name into any RDP client, on any machine, from anywhere
around the world and having access to the Microsoft GINA, aka the Windows
logon screen.

My environment requires two-factor authentication before even logging onto a
domain-based workstation/server. Therefore there are three steps, much better
security.

I am aware that this case is not on that scale; however, I will still advise
anyone that needs network connectivity between two locations over the
internet to use some sort of VPN access rather than making RDP accessible
over the internet. Regardless if this is just to connect to a home network.
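
The port-forwarding rule quoted in the post above, worked into an added example (not part of the original thread or any poster's code): it parses PIX-style static lines, shows how the external port decides which internal machine receives the connection, and flags every rule that leaves RDP reachable from the Internet, whichever external port it uses. Only the first sample line comes from the thread; the other two rules and all function names are constructed for illustration.

```python
import re

# Matches the PIX "static" port-redirection form quoted in the thread:
#   static (inside,outside) tcp interface <ext_port> <host> <int_port> netmask ...
STATIC_RE = re.compile(
    r"^static\s+\((?P<real>\w+),(?P<mapped>\w+)\)\s+(?P<proto>tcp|udp)\s+(?P<ext_ip>\S+)"
    r"\s+(?P<ext_port>\d+)\s+(?P<host>\d+(?:\.\d+){3})\s+(?P<int_port>\d+)\b"
)
RDP_PORT = 3389

def parse_forwards(config_text):
    """Return a list of port-forward rules found in the config text."""
    rules = []
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            rules.append({
                "proto": m["proto"], "ext_ip": m["ext_ip"],
                "ext_port": int(m["ext_port"]),
                "host": m["host"], "int_port": int(m["int_port"]),
            })
    return rules

def audit(rules):
    """Return (external port -> internal host table, list of findings)."""
    table, findings = {}, []
    for r in rules:
        key = (r["proto"], r["ext_ip"], r["ext_port"])
        if key in table:  # one external port can only reach one inside host
            findings.append(f"conflict: {r['proto']}/{r['ext_port']} already forwards to {table[key][0]}")
            continue
        table[key] = (r["host"], r["int_port"])
        if r["proto"] == "tcp" and r["int_port"] == RDP_PORT:
            findings.append(f"rdp-exposed: {r['host']} reachable on external port {r['ext_port']}")
    return table, findings

# Constructed sample: the first line is the rule from the post, the rest are hypothetical.
SAMPLE = """\
static (inside,outside) tcp interface 3389 192.168.0.3 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3390 192.168.0.4 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3390 192.168.0.5 3389 netmask 255.255.255.255 0 0
"""

if __name__ == "__main__":
    table, findings = audit(parse_forwards(SAMPLE))
    for (proto, ip, port), (host, iport) in sorted(table.items()):
        print(f"{proto} {ip}:{port} -> {host}:{iport}")
    for f in findings:
        print("FINDING", f)
```

The second rule is flagged as well: moving the external port to 3390 picks a different inside machine, but the Windows logon screen is still reachable from the Internet.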
 
DotPulse

You can always use secure mediation applications
(some of them offer their service for free for non commercial use)

Examples :

http://www.netgotiator.com (Netgotiator AlterEGO is free for non commercial
use and has also support for RDP, Radmin etc !!)
http://www.uvnc.com/pchelpware/sc/index.html (UltraVNC SC is Free, but suits
more tech savvy users and uses only VNC)
http://www.crossloop.com (I think it is still free but uses also only VNC)

and many many others.
 
