General discussion

Locked

Remote desktop web access

By jpknox287 ·
I am having trouble getting my remote desktop web access working. I have a PIX 501 which i enabled port 3389 by using access-list premit i also configured a static IP which I tested useing whatismyip.com, I checked all windows firewall properties I cant figure out why this is not working. IIS has been installed on both computers eventhough it only has to be on one ... any help would be greatly appricated thanks...

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Re: Remote desktop web access

by vanlinks In reply to Remote desktop web access

Have you place the users in the "remote desktop users" on the terminal server"?

Collapse -

Remote desktop users

by jpknox287 In reply to Re: Remote desktop web ac ...

im using the administrator acct do i need to create additional users? I cant even get the web access page to open

Collapse -

What's the error message?

by curlergirl In reply to Remote desktop users

Do you get an error message trying to access the web page? What is it?

Collapse -

error message

by jpknox287 In reply to What's the error message?

I just get the page cannot be displayed error from internet explore

Collapse -

Remote admin

by dasilvakev In reply to error message

From what I gather your trying to do this through IE. You have to install the Remote Desktop web administration, in IIS. Try to do it from the RDP application, does it work then?

Collapse -

remote admin

by jpknox287 In reply to Remote admin

I installed IIS that was the frist thing i did but i cant get it to work at all.

Collapse -

Need more info

by curlergirl In reply to remote admin

I think the problem here is that your question is a little vague with too little detail. The only way you can access remote workstations through IIS is by installing either the Remote Desktop Web Connection with IIS, or by using Small Business Server 2003 with the Remote Web Workplace installed. We are trying to make sure which one you are using.

Once that's done, you also have to make sure that the workstation has the "Allow users to connect remotely to this computer" checkbox enabled on the My Computer/Properties/Remote tab.

When you connect, you need to be using the following URL: http://[servername]/tsweb; or https://[servername]/tsweb, if you are using SSL. If you are connecting remotely through the Internet, the [servername] has to be [servername.domain.com] or some other such publicly registered server. Further, if you are connecting through a firewall, there are several ports that have to be open, including possibly ports 80, 443, 444, 3389 and 4125, depending upon your firewall and network configuration.

Hope this helps!

Collapse -

Remote admin

by jpknox287 In reply to remote admin

ok sorry i need to be more specific... i am trying to use remote desktop web connection to remote over the internet. i have installed IIS and the remote web access from the xp pro cd...i can use the remote web access internally now by using the url "http://computername/tsweb or http://computername.domain.local" but i can not access it using the fully qualified domain name or the IP address i tried "http://IP address:3389/tsweb" i also tried ports 443,444,1452 and i tried https even though i know i using port 3389 and its http...i belive it is a firewall problem now i am using a PIX 501 here is a sample of my config thanks for all the help...
Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password nY.FLsx5r.vWJEqD encrypted
passwd nY.FLsx5r.vWJEqD encrypted
hostname pixfirewall501
domain-name
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list deny-flow-max 200
access-list inside_outbound_nat0_acl permit ip host 192.168.1.4 192.168.1.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any 192.168.1.50 255.255.255.254
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 any
access-list outside permit tcp any interface outside eq 3389
access-list outside permit tcp any interface outside eq www
access-list outside permit tcp any interface outside eq https
access-list outside permit tcp any interface outside eq 444
access-list outside permit tcp any interface outside eq 4125
access-list inside permit tcp any interface inside eq 3389
access-list inside permit tcp any interface inside eq www
access-list inside permit tcp any interface inside eq https
access-list inside permit tcp any interface inside eq 444
access-list inside permit tcp any interface inside eq 4125
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 66.x.x.x 255.255.255.0
ip address inside 192.168.1.250 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool test 192.168.1.50-192.168.1.51
pdm location 192.168.1.4 255.255.255.255 inside
pdm location 66.x.x.x 255.255.255.255 outside
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 0.0.0.0 255.255.255.255 outside
pdm location 0.0.0.0 255.255.255.248 outside
pdm location 66.x.x.x 255.255.255.255 outside
pdm location 192.168.1.0 255.255.255.255 inside
pdm location 192.168.1.252 255.255.255.255 outside
pdm location 192.168.1.252 255.255.255.254 outside
pdm location 192.168.1.50 255.255.255.254 outside
pdm location 66.x.x.x 255.255.255.255 outside
pdm location 192.168.1.4 255.255.255.255 outside
pdm location 66.x.x.x 255.255.255.255 inside
pdm location 66.x.x.x 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
global (outside) 66 255.255.255.0
global (outside) 66 255.255.255.255
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.1.88 66.x.x.x netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 66.x.x.x 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
sysopt connection permit-l2tp
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP client configuration address local test
vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.1.1
vpdn group PPTP-VPDN-GROUP pptp echo 60
dhcpd address 192.168.1.2-192.168.1.129 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
vpnclient server 192.168.1.250
vpnclient mode client-mode
vpnclient vpngroup test password ********
vpnclient username knox password ********
terminal width 80
Cryptochecksum:826c2d7ade32ede8b703152d78fbd260
: end
[OK]

Collapse -

Firewall configuration

by curlergirl In reply to remote admin

I'm not familiar with your model of firewall, but the configuration looks good as far as open ports. However, since you are running your web connection on a workstation behind a NAT firewall, you will need to forward the ports directly to the private IP address of that workstation. If you don't do this, then the firewall doesn't know what internal IP address is servicing those ports. I don't know the exact steps you would use on this firewall, but I think that's probably what you need to do. Typing in the port on the address line would not be necessary and would not work, because you need to be communicating on multiple ports, not just one.

Hope this helps!

Collapse -

remote desktop still doesnt work...

by jpknox287 In reply to Re: Remote desktop web ac ...

i added the following port forwarding...and still nothing ...
static (inside,outside) tcp interface 3389 192.168.1.88 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.88 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp 192.168.1.88 pptp netmask 255.255.255.255 0 0

thanks for all the help

Back to IT Employment Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums