General discussion

  • #2257650

    Remote desktop web access

    Locked

    by jpknox287 ·

    I am having trouble getting my remote desktop web access working. I have a PIX 501 on which I enabled port 3389 by using access-list permit. I also configured a static IP, which I tested using whatismyip.com. I checked all Windows Firewall properties. I can't figure out why this is not working. IIS has been installed on both computers even though it only has to be on one … any help would be greatly appreciated, thanks…

All Comments

    • #3202108

      Re: Remote desktop web access

      by vanlinks ·

      In reply to Remote desktop web access

      Have you placed the users in the “remote desktop users” on the terminal server?

      • #3199492

        Remote desktop users

        by jpknox287 ·

        In reply to Re: Remote desktop web access

        I'm using the administrator acct. Do I need to create additional users? I can't even get the web access page to open.

        • #3199367

          What’s the error message?

          by curlergirl ·

          In reply to Remote desktop users

          Do you get an error message trying to access the web page? What is it?

        • #3199345

          error message

          by jpknox287 ·

          In reply to What’s the error message?

          I just get the “page cannot be displayed” error from Internet Explorer.

        • #3199279

          Remote admin

          by dasilvakev ·

          In reply to error message

          From what I gather you're trying to do this through IE. You have to install the Remote Desktop web administration in IIS. Try to do it from the RDP application; does it work then?

        • #3166551

          remote admin

          by jpknox287 ·

          In reply to Remote admin

          I installed IIS, that was the first thing I did, but I can't get it to work at all.

        • #3229499

          Need more info

          by curlergirl ·

          In reply to remote admin

          I think the problem here is that your question is a little vague with too little detail. The only way you can access remote workstations through IIS is by installing either the Remote Desktop Web Connection with IIS, or by using Small Business Server 2003 with the Remote Web Workplace installed. We are trying to make sure which one you are using.

          Once that’s done, you also have to make sure that the workstation has the “Allow users to connect remotely to this computer” checkbox enabled on the My Computer/Properties/Remote tab.

          When you connect, you need to be using the following URL: http://[servername]/tsweb; or https://[servername]/tsweb, if you are using SSL. If you are connecting remotely through the Internet, the [servername] has to be [servername.domain.com] or some other such publicly registered server. Further, if you are connecting through a firewall, there are several ports that have to be open, including possibly ports 80, 443, 444, 3389 and 4125, depending upon your firewall and network configuration.

          Hope this helps!

        • #3229739

          Remote admin

          by jpknox287 ·

          In reply to remote admin

          OK, sorry, I need to be more specific… I am trying to use Remote Desktop Web Connection to remote over the Internet. I have installed IIS and the remote web access from the XP Pro CD… I can use the remote web access internally now by using the URL “http://computername/tsweb or http://computername.domain.local”, but I cannot access it using the fully qualified domain name or the IP address. I tried “http://IP address:3389/tsweb”. I also tried ports 443, 444, 1452, and I tried https even though I know I'm using port 3389 and it's http… I believe it is a firewall problem now. I am using a PIX 501; here is a sample of my config. Thanks for all the help…
          Building configuration…
          : Saved
          :
          PIX Version 6.3(5)
          interface ethernet0 100full
          interface ethernet1 100full
          nameif ethernet0 outside security0
          nameif ethernet1 inside security100
          enable password nY.FLsx5r.vWJEqD encrypted
          passwd nY.FLsx5r.vWJEqD encrypted
          hostname pixfirewall501
          domain-name
          fixup protocol dns maximum-length 512
          fixup protocol ftp 21
          fixup protocol h323 h225 1720
          fixup protocol h323 ras 1718-1719
          fixup protocol http 80
          fixup protocol rsh 514
          fixup protocol rtsp 554
          fixup protocol sip 5060
          fixup protocol sip udp 5060
          fixup protocol skinny 2000
          fixup protocol smtp 25
          fixup protocol sqlnet 1521
          fixup protocol tftp 69
          names
          access-list deny-flow-max 200
          access-list inside_outbound_nat0_acl permit ip host 192.168.1.4 192.168.1.0 255.255.255.0
          access-list inside_outbound_nat0_acl permit ip any 192.168.1.50 255.255.255.254
          access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 any
          access-list outside permit tcp any interface outside eq 3389
          access-list outside permit tcp any interface outside eq www
          access-list outside permit tcp any interface outside eq https
          access-list outside permit tcp any interface outside eq 444
          access-list outside permit tcp any interface outside eq 4125
          access-list inside permit tcp any interface inside eq 3389
          access-list inside permit tcp any interface inside eq www
          access-list inside permit tcp any interface inside eq https
          access-list inside permit tcp any interface inside eq 444
          access-list inside permit tcp any interface inside eq 4125
          pager lines 24
          mtu outside 1500
          mtu inside 1500
          ip address outside 66.x.x.x 255.255.255.0
          ip address inside 192.168.1.250 255.255.255.0
          ip verify reverse-path interface outside
          ip audit info action alarm
          ip audit attack action alarm
          ip local pool test 192.168.1.50-192.168.1.51
          pdm location 192.168.1.4 255.255.255.255 inside
          pdm location 66.x.x.x 255.255.255.255 outside
          pdm location 192.168.1.0 255.255.255.0 outside
          pdm location 0.0.0.0 255.255.255.255 outside
          pdm location 0.0.0.0 255.255.255.248 outside
          pdm location 66.x.x.x 255.255.255.255 outside
          pdm location 192.168.1.0 255.255.255.255 inside
          pdm location 192.168.1.252 255.255.255.255 outside
          pdm location 192.168.1.252 255.255.255.254 outside
          pdm location 192.168.1.50 255.255.255.254 outside
          pdm location 66.x.x.x 255.255.255.255 outside
          pdm location 192.168.1.4 255.255.255.255 outside
          pdm location 66.x.x.x 255.255.255.255 inside
          pdm location 66.x.x.x 255.255.255.255 inside
          pdm logging informational 100
          pdm history enable
          arp timeout 14400
          global (outside) 10 interface
          global (outside) 66 255.255.255.0
          global (outside) 66 255.255.255.255
          nat (inside) 0 access-list inside_outbound_nat0_acl
          nat (inside) 10 0.0.0.0 0.0.0.0 0 0
          static (inside,outside) 192.168.1.88 66.x.x.x netmask 255.255.255.255 0 0
          route outside 0.0.0.0 0.0.0.0 66.x.x.x 1
          timeout xlate 0:05:00
          timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
          timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
          timeout sip-disconnect 0:02:00 sip-invite 0:03:00
          timeout uauth 0:05:00 absolute
          aaa-server TACACS+ protocol tacacs+
          aaa-server TACACS+ max-failed-attempts 3
          aaa-server TACACS+ deadtime 10
          aaa-server RADIUS protocol radius
          aaa-server RADIUS max-failed-attempts 3
          aaa-server RADIUS deadtime 10
          aaa-server LOCAL protocol local
          http server enable
          http 192.168.1.0 255.255.255.0 inside
          no snmp-server location
          no snmp-server contact
          snmp-server community public
          no snmp-server enable traps
          floodguard enable
          sysopt connection permit-pptp
          sysopt connection permit-l2tp
          crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
          crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
          isakmp enable outside
          isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
          isakmp policy 20 authentication pre-share
          isakmp policy 20 encryption 3des
          isakmp policy 20 hash md5
          isakmp policy 20 group 2
          isakmp policy 20 lifetime 86400
          telnet 192.168.1.0 255.255.255.0 inside
          telnet timeout 5
          ssh timeout 5
          console timeout 0
          vpdn group PPTP-VPDN-GROUP accept dialin pptp
          vpdn group PPTP-VPDN-GROUP client configuration address local test
          vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.1.1
          vpdn group PPTP-VPDN-GROUP pptp echo 60
          dhcpd address 192.168.1.2-192.168.1.129 inside
          dhcpd lease 3600
          dhcpd ping_timeout 750
          dhcpd auto_config outside
          vpnclient server 192.168.1.250
          vpnclient mode client-mode
          vpnclient vpngroup test password ********
          vpnclient username knox password ********
          terminal width 80
          Cryptochecksum:826c2d7ade32ede8b703152d78fbd260
          : end
          [OK]

        • #3201852

          Firewall configuration

          by curlergirl ·

          In reply to remote admin

          I’m not familiar with your model of firewall, but the configuration looks good as far as open ports. However, since you are running your web connection on a workstation behind a NAT firewall, you will need to forward the ports directly to the private IP address of that workstation. If you don’t do this, then the firewall doesn’t know what internal IP address is servicing those ports. I don’t know the exact steps you would use on this firewall, but I think that’s probably what you need to do. Typing in the port on the address line would not be necessary and would not work, because you need to be communicating on multiple ports, not just one.

          Hope this helps!

      • #3231047

        remote desktop still doesn't work…

        by jpknox287 ·

        In reply to Re: Remote desktop web access

        I added the following port forwarding… and still nothing…
        static (inside,outside) tcp interface 3389 192.168.1.88 3389 netmask 255.255.255.255 0 0
        static (inside,outside) tcp interface www 192.168.1.88 www netmask 255.255.255.255 0 0
        static (inside,outside) tcp interface pptp 192.168.1.88 pptp netmask 255.255.255.255 0 0

        thanks for all the help

        • #3230908

          Other ports needed

          by curlergirl ·

          In reply to remote desktop still doesn't work…

          What is the address that you are using to get to your remote desktop? Are you sure that you are using a URL that is registered and published on the web so that you can browse to it?

        • #3230884

          URL

          by jpknox287 ·

          In reply to Other ports needed

          That's a good question. I thought running IIS would be enough. I tried the URL http://computername.domainname/tsweb… I also tried http://ipaddress:port#/tsweb… ummmm

        • #3230870

          Need published DNS server or public static IP

          by curlergirl ·

          In reply to URL

          OK – normally, you would have a host record on a DNS server that is published on the Internet. However, if you don’t have or want to do that, provided that you have a public static IP address on your router, you can use the IP address. It looks to me as though you are using something in the 66.x.x.x range, but you have to have a static IP address specifically assigned by your ISP and in use by your router. Then, on the address line in your browser, you would type: http://[public static IP address]/tsweb. You don’t need any port number.

          Hope this helps!

        • #3230860

          It works!

          by jpknox287 ·

          In reply to Need published DNS server or public static IP

          I added “access-group outside in interface outside” to my PIX and it works now… thanks for all your help

        • #3230846

          YEAH!

          by curlergirl ·

          In reply to It works!

          🙂
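
The thread was resolved by binding the ACL to the interface: on PIX 6.x an access-list has no effect until an access-group (or a nat 0 / crypto map reference) applies it. As an added example, not code from any poster in this thread, the Python check below lists ACLs that are defined but never applied; the sample is a constructed excerpt of the configuration posted above, and the name audit_acls is hypothetical.

```python
import re

# Constructed excerpt modelled on the configuration posted in the thread
# (addresses are the thread's own 192.168.1.x values).
SAMPLE_CONFIG = """\
access-list deny-flow-max 200
access-list inside_outbound_nat0_acl permit ip host 192.168.1.4 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 any
access-list outside permit tcp any interface outside eq 3389
access-list outside permit tcp any interface outside eq www
access-list inside permit tcp any interface inside eq 3389
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 192.168.1.88 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.88 www netmask 255.255.255.255 0 0
"""

# Only permit/deny entries define an ACL; "access-list deny-flow-max 200" is a global setting.
ACE = re.compile(r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?(?:permit|deny)\s")
GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
OTHER_REF = re.compile(
    r"^(?:nat\s+\(\S+\)\s+0\s+access-list|crypto\s+map\s+.*\bmatch\s+address)\s+(\S+)")


def audit_acls(config_text):
    """Return (bound, other_use, unused) for the ACLs defined in a PIX config."""
    defined, bound, other_use = [], {}, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := ACE.match(line):
            if m.group(1) not in defined:
                defined.append(m.group(1))
        elif m := GROUP.match(line):
            bound[m.group(1)] = m.group(2)      # ACL name -> interface it filters
        elif m := OTHER_REF.match(line):
            other_use.add(m.group(1))           # used for NAT exemption or VPN matching
    unused = [n for n in defined if n not in bound and n not in other_use]
    return bound, other_use, unused


if __name__ == "__main__":
    _, _, unused = audit_acls(SAMPLE_CONFIG)
    for name in unused:
        print(f"ACL '{name}' is defined but not applied to any interface")
```

Run against the configuration as first posted, the check flags the "outside" ACL; appending the access-group line from the final post clears it.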
