Restricting TS Users to connect only to Local IP address

[Korstiaan]

Hi All
I have a W2KTS box with 2 NICs one NIC has an external static IP
Address and one NIC has an internal IP Address.

What I would like to be able to do is restrict users to only connect to
the internal IP Address. So they cannot connect when they are not in
the office and only allow some users to connect to both IP Addresses.

Any ideas if this is possible ?

We do not have any data on the TS box it is purely to connect to the
rest of the corporate system.

Regards

Korstiaan

 

[Rickard\(Riwe\)]

You can use IPSec to restrict the use of the external ip.
You set up a ipsec rule that listen to port 3389 on the external interface
and then deny connections if the client don´t have the appropiate ipsec
policy assigned. You can use either certificates or pre-shared key when you
use ipsec.

Rickard

 

[Korstiaan]

Hi Rickard
Thank you for your reply.
I was reading your reply to Jason about the 2 NIC scenario.
That would be one of my options as well, I presume

I presume the IPsec option won'teven give the user the connection
screen, correct? so therefor a more secure and delicate way to stop
people getting to the server.

Korstiaan

 

[Rickard\(Riwe\)]

Yes, that is correct, unless the client have the right ipsec response policy
it won´t connect to the TS server.

Rickard
Hi Rickard
Thank you for your reply.
I was reading your reply to Jason about the 2 NIC scenario.
That would be one of my options as well, I presume

I presume the IPsec option won'teven give the user the connection
screen, correct? so therefor a more secure and delicate way to stop
people getting to the server.

Korstiaan