August 15, 2006 at 4:12 pm #2257650
Remote desktop web access
by jpknox287 · about 17 years, 7 months ago
I am having trouble getting my remote desktop web access working. I have a PIX 501 on which I enabled port 3389 by using access-list permit. I also configured a static IP, which I tested using whatismyip.com, and I checked all Windows Firewall properties. I can't figure out why this is not working. IIS has been installed on both computers even though it only has to be on one… Any help would be greatly appreciated, thanks…
All Comments
-
August 15, 2006 at 8:37 pm #3202108
Re: Remote desktop web access
by vanlinks · about 17 years, 7 months ago
In reply to Remote desktop web access
Have you placed the users in the “remote desktop users” on the terminal server?
-
August 16, 2006 at 8:34 am #3199492
Remote desktop users
by jpknox287 · about 17 years, 7 months ago
In reply to Re: Remote desktop web access
I'm using the administrator acct. Do I need to create additional users? I can't even get the web access page to open.
-
August 16, 2006 at 12:56 pm #3199367
What’s the error message?
by curlergirl · about 17 years, 7 months ago
In reply to Remote desktop users
Do you get an error message trying to access the web page? What is it?
-
August 16, 2006 at 1:57 pm #3199345
error message
by jpknox287 · about 17 years, 7 months ago
In reply to What’s the error message?
I just get the “page cannot be displayed” error from Internet Explorer.
-
August 16, 2006 at 8:53 pm #3199279
Remote admin
by dasilvakev · about 17 years, 7 months ago
In reply to error message
From what I gather you're trying to do this through IE. You have to install the Remote Desktop web administration in IIS. Try to do it from the RDP application; does it work then?
-
August 18, 2006 at 4:29 pm #3166551
remote admin
by jpknox287 · about 17 years, 7 months ago
In reply to Remote admin
I installed IIS, that was the first thing I did, but I can't get it to work at all.
-
August 20, 2006 at 7:59 am #3229499
Need more info
by curlergirl · about 17 years, 7 months ago
In reply to remote admin
I think the problem here is that your question is a little vague with too little detail. The only way you can access remote workstations through IIS is by installing either the Remote Desktop Web Connection with IIS, or by using Small Business Server 2003 with the Remote Web Workplace installed. We are trying to make sure which one you are using.
Once that’s done, you also have to make sure that the workstation has the “Allow users to connect remotely to this computer” checkbox enabled on the My Computer/Properties/Remote tab.
When you connect, you need to be using the following URL: http://[servername]/tsweb; or https://[servername]/tsweb, if you are using SSL. If you are connecting remotely through the Internet, the [servername] has to be [servername.domain.com] or some other such publicly registered server. Further, if you are connecting through a firewall, there are several ports that have to be open, including possibly ports 80, 443, 444, 3389 and 4125, depending upon your firewall and network configuration.
Hope this helps!
-
August 21, 2006 at 4:53 pm #3229739
Remote admin
by jpknox287 · about 17 years, 7 months ago
In reply to remote admin
OK, sorry, I need to be more specific… I am trying to use remote desktop web connection to remote over the internet. I have installed IIS and the remote web access from the XP Pro CD… I can use the remote web access internally now by using the URL “http://computername/tsweb or http://computername.domain.local” but I cannot access it using the fully qualified domain name or the IP address. I tried “http://IP address:3389/tsweb”. I also tried ports 443, 444, 1452 and I tried https even though I know I'm using port 3389 and it's http… I believe it is a firewall problem now. I am using a PIX 501; here is a sample of my config. Thanks for all the help…
Building configuration…
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password nY.FLsx5r.vWJEqD encrypted
passwd nY.FLsx5r.vWJEqD encrypted
hostname pixfirewall501
domain-name
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list deny-flow-max 200
access-list inside_outbound_nat0_acl permit ip host 192.168.1.4 192.168.1.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any 192.168.1.50 255.255.255.254
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 any
access-list outside permit tcp any interface outside eq 3389
access-list outside permit tcp any interface outside eq www
access-list outside permit tcp any interface outside eq https
access-list outside permit tcp any interface outside eq 444
access-list outside permit tcp any interface outside eq 4125
access-list inside permit tcp any interface inside eq 3389
access-list inside permit tcp any interface inside eq www
access-list inside permit tcp any interface inside eq https
access-list inside permit tcp any interface inside eq 444
access-list inside permit tcp any interface inside eq 4125
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 66.x.x.x 255.255.255.0
ip address inside 192.168.1.250 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool test 192.168.1.50-192.168.1.51
pdm location 192.168.1.4 255.255.255.255 inside
pdm location 66.x.x.x 255.255.255.255 outside
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 0.0.0.0 255.255.255.255 outside
pdm location 0.0.0.0 255.255.255.248 outside
pdm location 66.x.x.x 255.255.255.255 outside
pdm location 192.168.1.0 255.255.255.255 inside
pdm location 192.168.1.252 255.255.255.255 outside
pdm location 192.168.1.252 255.255.255.254 outside
pdm location 192.168.1.50 255.255.255.254 outside
pdm location 66.x.x.x 255.255.255.255 outside
pdm location 192.168.1.4 255.255.255.255 outside
pdm location 66.x.x.x 255.255.255.255 inside
pdm location 66.x.x.x 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
global (outside) 66 255.255.255.0
global (outside) 66 255.255.255.255
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.1.88 66.x.x.x netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 66.x.x.x 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
sysopt connection permit-l2tp
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP client configuration address local test
vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.1.1
vpdn group PPTP-VPDN-GROUP pptp echo 60
dhcpd address 192.168.1.2-192.168.1.129 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
vpnclient server 192.168.1.250
vpnclient mode client-mode
vpnclient vpngroup test password ********
vpnclient username knox password ********
terminal width 80
Cryptochecksum:826c2d7ade32ede8b703152d78fbd260
: end
[OK]
-
August 22, 2006 at 7:11 am #3201852
Firewall configuration
by curlergirl · about 17 years, 7 months ago
In reply to remote admin
I’m not familiar with your model of firewall, but the configuration looks good as far as open ports. However, since you are running your web connection on a workstation behind a NAT firewall, you will need to forward the ports directly to the private IP address of that workstation. If you don’t do this, then the firewall doesn’t know what internal IP address is servicing those ports. I don’t know the exact steps you would use on this firewall, but I think that’s probably what you need to do. Typing in the port on the address line would not be necessary and would not work, because you need to be communicating on multiple ports, not just one.
Hope this helps!
-
August 22, 2006 at 3:38 pm #3231047
Remote desktop still doesn't work…
by jpknox287 · about 17 years, 7 months ago
In reply to Re: Remote desktop web access
I added the following port forwarding… and still nothing…
static (inside,outside) tcp interface 3389 192.168.1.88 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.88 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp 192.168.1.88 pptp netmask 255.255.255.255 0 0
Thanks for all the help
-
August 23, 2006 at 7:12 am #3230908
Other ports needed
by curlergirl · about 17 years, 7 months ago
In reply to remote desktop still doesnt work…
What is the address that you are using to get to your remote desktop? Are you sure that you are using a URL that is registered and published on the web so that you can browse to it?
-
August 23, 2006 at 8:11 am #3230884
URL
by jpknox287 · about 17 years, 7 months ago
In reply to Other ports needed
That's a good question; I thought running IIS would be enough. I tried the URL http://computername.domainname/tsweb… I also tried http://ipaddress:port#/tsweb… ummmm
-
August 23, 2006 at 9:26 am #3230870
Need published DNS server or public static IP
by curlergirl · about 17 years, 7 months ago
In reply to URL
OK – normally, you would have a host record on a DNS server that is published on the Internet. However, if you don’t have or want to do that, provided that you have a public static IP address on your router, you can use the IP address. It looks to me as though you are using something in the 66.x.x.x range, but you have to have a static IP address specifically assigned by your ISP and in use by your router. Then, on the address line in your browser, you would type: http://[public static IP address]/tsweb. You don’t need any port number.
Hope this helps!
-
August 23, 2006 at 9:44 am #3230860
It works!
by jpknox287 · about 17 years, 7 months ago
In reply to Need published DNS server or public static IP
I added “access-group outside in interface outside” to my PIX and it works now… thanks for all your help
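The two gaps this thread worked through (permitted ports with no port forward to the inside host, and an ACL that was never applied with `access-group`) can be checked mechanically. The script below is an added example, not part of the original thread or any Cisco tool: it audits a constructed excerpt modelled on the posted PIX 6.3 config, and it assumes an ACL counts as applied only when an `access-group` or `nat ... access-list` line references it.

```python
import re

# Constructed excerpt, modelled on the PIX 6.3 configuration posted in the thread.
SAMPLE_CONFIG = """\
access-list deny-flow-max 200
access-list inside_outbound_nat0_acl permit ip host 192.168.1.4 192.168.1.0 255.255.255.0
access-list outside permit tcp any interface outside eq 3389
access-list outside permit tcp any interface outside eq www
access-list outside permit tcp any interface outside eq https
nat (inside) 0 access-list inside_outbound_nat0_acl
static (inside,outside) tcp interface 3389 192.168.1.88 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.88 www netmask 255.255.255.255 0 0
"""

ACL = re.compile(r"access-list\s+(\S+)\s+(permit|deny)\s+(.*)")
GROUP = re.compile(r"access-group\s+(\S+)\s+in\s+interface\s+\S+")
NAT_ACL = re.compile(r"nat\s+\(\S+\)\s+\d+\s+access-list\s+(\S+)")
STATIC = re.compile(r"static\s+\(\S+,(\S+)\)\s+(tcp|udp)\s+interface\s+(\S+)")
TO_IFACE = re.compile(r"(tcp|udp)\s+any\s+interface\s+(\S+)\s+eq\s+(\S+)")
PORT_NAMES = {"www": "80", "https": "443", "pptp": "1723"}  # only names used in the thread


def audit(config):
    """Return (kind, detail) findings for ACL entries that cannot take effect as written."""
    acls, applied, forwards = {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):  # settings such as deny-flow-max do not match
            acls.setdefault(m[1], []).append((m[2], m[3]))
        elif m := GROUP.match(line) or NAT_ACL.match(line):
            applied.add(m[1])  # ACL is referenced, so it is in use
        elif m := STATIC.match(line):
            forwards.add((m[1], m[2], PORT_NAMES.get(m[3], m[3])))
    findings = []
    for name, entries in acls.items():
        if name not in applied:
            findings.append(("unapplied-acl", name))
        for action, rest in entries:
            m = TO_IFACE.match(rest)
            if action == "permit" and m:
                key = (m[2], m[1], PORT_NAMES.get(m[3], m[3]))
                if key not in forwards:  # permitted, but no inside host to deliver to
                    findings.append(("no-port-forward", "%s %s/%s" % key))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Appending `access-group outside in interface outside` to the sample clears the first finding, which is the change that made the connection work in the thread.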
-
August 23, 2006 at 10:57 am #3230846