Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Windows 2000 / Terminal Services / July 2005

Tip: Looking for answers? Try searching our database.

Restricting TS Users to connect only to Local IP address

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Korstiaan - 26 Jul 2005 23:15 GMT
Hi All
I have a W2KTS box with 2 NICs one NIC has an external static IP
Address and one NIC has an internal IP Address.

What I would like to be able to do is restrict users to only connect to
the internal IP Address.   So they cannot connect when they are not in
the office and only allow some users to connect to both IP Addresses.

Any ideas if this is possible ?

We do not have any data on the TS box it is purely to connect to the
rest of the corporate system.

Regards

Korstiaan
Reply to this Message
Rickard(Riwe) - 27 Jul 2005 16:38 GMT
You can use IPSec to restrict the use of the external ip.
You set up a ipsec rule that listen to port 3389 on the external interface
and then deny connections if the client don´t have the appropiate ipsec
policy assigned. You can use either certificates or pre-shared key when you
use ipsec.

Rickard

> Hi All
> I have a W2KTS box with 2 NICs one NIC has an external static IP
[quoted text clipped - 12 lines]
>
> Korstiaan
Reply to this Message
Korstiaan - 28 Jul 2005 01:39 GMT
Hi Rickard
Thank you for your reply.
I was reading your reply to Jason about the 2 NIC scenario.
That would be one of my options as well, I presume

I presume the IPsec option won'teven give the user the connection
screen, correct?  so therefor a more secure and delicate way to stop
people getting to the server.

Korstiaan

> You can use IPSec to restrict the use of the external ip.
> You set up a ipsec rule that listen to port 3389 on the external interface
[quoted text clipped - 20 lines]
> >
> > Korstiaan
Reply to this Message
Rickard(Riwe) - 28 Jul 2005 16:10 GMT
Yes, that is correct, unless the client have the right ipsec response policy
it won´t connect to the TS server.

Rickard
Hi Rickard
Thank you for your reply.
I was reading your reply to Jason about the 2 NIC scenario.
That would be one of my options as well, I presume

I presume the IPsec option won'teven give the user the connection
screen, correct?  so therefor a more secure and delicate way to stop
people getting to the server.

Korstiaan

Rickard(Riwe) wrote:
> You can use IPSec to restrict the use of the external ip.
> You set up a ipsec rule that listen to port 3389 on the external interface
[quoted text clipped - 21 lines]
> >
> > Korstiaan
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.