Remote Desktop Web Security (How much)

Status
Not open for further replies.

Rookcr

Here are my questions.

I currently have a PIX 515 set up and a VPN established. Through the Cisco VPN client I am unable to VPN directly to my XP Pro SP2 workstations. Today I started reading more about the RDWS and thought that might work for securely connecting to machines on my network from home.

Microsoft does a lot of talking about the security built into RDP 5.1 and it has 128-bit encryption. I wanted to make sure the connection was secure so I was going to do the following:

Create a 128-bit certificate for my TSWEB site, then require authentication before you would even see the RDP web screen. From there you would be able to then access the workstations and servers. On my PIX I created an ACL rule to permit any to the outside address that I want to use and gave it port 443 for the certificate. I am unable to connect to the page from outside the firewall. It works internally. Am I missing anything? I NAT the address back to an internal IP address, 10.10.10.x for example.

Any help would be appreciated. If this is the wrong forum, I apologize.

Thanks in advance.

Rook
 
I'm not an expert with PIX devices since my company can't choke down the price tag, but I do have the exact same configuration, with the exception that I'm using a Netopia. If you can access from the inside but not the outside, you need to make sure that your mapping is correct. In my case I could have done a one-to-one NAT, but that just exposes the whole machine. I simply added a port forwarding rule into my Netopia to pass anything going to my outside IP address on port 443 along to the internal IP address of 192.168.1.220. I then made sure that my firewall rule also allowed this port access to this IP, and that was it.
 
1. RD does not support certificates.
2. The ActiveX component of TSWEB is a redirector; IIS has no active role in TSWEB.
 
BCastner,

How secure is the application? Like I say, I have VPN set up to come into the company but I am unable to connect to local workstations. Is this a viable solution and is it secure? May I please have your opinions? Why does it work on the internal LAN? Before I ever hit the tsweb page I can get it to prompt for username and password. Is there no way to make this work externally?

Thanks
Rook
 
Consider that you have encryption from the VPN tunnel of MD5 encrypted packets from the RD client, with username and password controls for access, and username and password secure authentication.

For the connection issue, make sure that port 3389 TCP is allowed through the remote router and forwarded to the IP of your remote workstation. In addition, a common "gotcha" is that the IPs used on the home machine and the remote LAN are in the same subnet. They must be different subnets or the remote site will not pass the packets through the tunnel.
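
Added example, not part of the original thread: a small Python check for the subnet "gotcha" described in the last reply. It models a VPN client's routing as longest-prefix match with the directly connected home LAN winning ties (a simplifying assumption); the function names and all addresses are constructed for illustration.

```python
import ipaddress


def overlapping_networks(home_iface, remote_lans):
    """Return the remote LANs (CIDR strings) that overlap the home LAN.

    home_iface is the home machine's address with prefix, e.g. "192.168.1.50/24".
    """
    home = ipaddress.ip_interface(home_iface).network
    hits = []
    for cidr in remote_lans:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.overlaps(home):
            hits.append(str(net))
    return hits


def next_hop(target, home_iface, remote_lans):
    """Say where traffic for target goes: 'local', 'tunnel' or 'default'.

    Assumed model: one connected route for the home LAN plus one tunnel
    route per remote LAN. The longest prefix wins, and on equal prefix
    length the connected (local) route wins.
    """
    addr = ipaddress.ip_address(target)
    home = ipaddress.ip_interface(home_iface).network
    candidates = []
    if addr in home:
        candidates.append((home.prefixlen, 1, "local"))
    for cidr in remote_lans:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net:
            candidates.append((net.prefixlen, 0, "tunnel"))
    if not candidates:
        return "default"
    return max(candidates)[2]


if __name__ == "__main__":
    # Constructed sample: home PC and office LAN both use 192.168.1.0/24.
    home = "192.168.1.50/24"
    for office in (["192.168.1.0/24"], ["10.10.10.0/24"]):
        host = str(ipaddress.ip_network(office[0])[25])  # 25th address in the office LAN
        print(office, "overlaps:", overlapping_networks(home, office),
              "->", host, "routed via", next_hop(host, home, office))
```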
 