Windows RDP question

By simonrobinson.techrepublic
As a company we support over 100 clients with a mixture of different networks. Mostly though they have a broadband router and a number of PCs behind the router. We routinely need to remotely monitor these PCs. At the moment we are using a combination of LogMeIn IT Reach and RealVNC. But LogMeIn IT Reach costs too much to use on PCs which aren't on a maintenance contract and RealVNC is sluggish and not very functional.

We would like to use RDP since it is functional, free and is already on most of my clients' PCs. But my problem is how do I connect to a PC that is behind a firewall? I know I can do port forwarding, but that would be messy if there are a number of PCs, since if I wanted to connect to a specific PC I would have to change the port mappings in the router each time.

LogMeIn uses their own software to get around these problems, and RealVNC allows the PC running the RealVNC server software (MyClient) to initiate a TCP/IP connection to a listening client (Me), which means I only have to set up a port forward rule on my router.

So after all that, the real question is how can I use RDP to connect to a client's PC, assuming that the client is actually sitting at their PC?

Thanks in advance

All Answers

by CG IT In reply to Windows RDP question

If they're using a Windows server O/S you could use it for Remote Access. It allows remote VPN connections on WAN miniports and user authentication via RADIUS or AD [if it's an Active Directory network].

by simonrobinson.techrepublic In reply to depends

So you are saying that, if they have a 2000/2003 server, I should connect to the server using a VPN and then use RDP to the clients?

by 3xp3rt In reply to Windows RDP question

My advice is: Make a VPN connection to the client's domain. In this case your computer will be a domain computer, and you can easily use RDP. For this you can use the desired computer's IP address or computer name.

by simonrobinson.techrepublic In reply to VPN-RDP

Thanks for the suggestion, I'll try that.

I have some clients that use neither domains nor servers. Is there any way you know of to connect to those machines except directly via TCP/IP & port forwarding on the router?

port forwarding

by 3xp3rt In reply to VPN-RDP

Where there is no server or domain, just a router, depending on the type of router you can use the following technique: The router has a public IP address, and the computers have some 192.168... address. So you can set all these 192.168... IPs on the router with the port range starting at 3389 and ending at 3389 (RDP port). When you enable one of the 192.168... IPs on port range forwarding (or, depending on the type of router, Application or Gaming) and save these settings, you can connect via RDP to that computer using the public IP address.

Doesn't work...

by iceblast21 In reply to port forwarding

Even with port forwarding, I am not getting a remote connection through this method!!!

As far as I can tell, my host computer is simply nonexistent on the net! What I am trying to do is connect remotely to my router through port 3389, and then forward the connection to the PC I am trying to connect to! But this method simply doesn't work. At all!

How do you connect remotely to the PC via port-forwarding? The Remote Desktop program can't do it, and neither can I.E.!

Try This

by jon.cordero In reply to Doesn't work...

When you connect to the router you don't specify port 3389; port 3389 just gets forwarded. For instance, if you want to connect to a PC that has an internal IP of, then on the router, either by telnet or via IE using its WAN IP, assuming you are on the outside of the router, you would tell it something like forward tcp port 3389 --> Then in Remote Desktop, just type the WAN IP. It will automagically forward to the specified IP. Now if you have multiple PCs you want to connect to, then RDP into one PC, then from that PC use either VNC or even RDP again to go from PC to PC. It is a cheap but effective method.

Good Luck

Thanks, but....

by iceblast21 In reply to Try This

I'm not exactly following your advice. I'm using the net to connect (since the Remote Desktop program isn't giving me any luck), and I would type in "192.168._.__:3389/tsweb/" into the browser (but with the external IP, not this fake internal, example IP!). And I get no connection.

I've set my router to forward port 3389 to the specific computer I want to connect to (I assigned a permanent internal IP - - to the computer, and I have instructed the router to forward port 3389 to this IP!).

Still not working! I also saw some advice to change the net port of the computer from the standard port 80 to another port of my choosing (for extra security). So my new web address reads: "external_IP:port_I_chose/TSWEB/", but still no go.

The obvious answer might be "don't mess with the host computer ports!" but that doesn't make a difference, as remote desktop will not work with either port 80 or the port I chose (I'm not even sure how changing the host computer web port changes anything..).

I appreciate the advice, and I hope this clears up some specifics on my problem! What am I missing?

Do I need to host a website or have a VPN for this to work??

How do you test this stuff?

by BeastofBurden In reply to Thanks, but....

All my hardware is behind my router so I need to leave my firewall and return to my public IP address somehow. I think some sort of proxy service might be needed but I am not certain how port forwarding might work from a public proxy server. Is that feasible? Can anyone suggest how to test an external configuration from within the same LAN?
Otherwise, I have to take a laptop to another LAN or find an open wireless network nearby.

Just a 'little' tip.. . .

by yurki3 In reply to Thanks, but....

People are always suggesting many kinds of things, and there are plenty of those who are fanatic when it comes to security.

I suggest that you first concentrate on getting the system working and after that on making it more secure.

Implementing all the security tricks at the beginning just makes the situation unnecessarily complicated.


Finally, I got it working...
As said by many people here before, it just needed a simple port forward.

In my case there is a ZYXEL BEFSX41 router/switch between my Windows Server 2003 and the cable modem, and port forwarding is named "Port range forwarding" under "Applications & Gaming".

Under IIS, I defined different ports for TSWEB, both TCP and SSL, and the IP address too. (I have a so-called multi-homed server, meaning that there are many IPs and websites assigned to the same NIC, so it was necessary to direct TSWEB to its own IP instead of "all unassigned".)

Then in the ZYXEL's port forwarding I made one rule for both ports:
Application -- start --- end - TCP/UDP ------ IP ----------
RDP SSL -- 34427 - 34427 - BOTH --
RDP TCP -- 34274 - 34274 - BOTH --

After creating those forwards, both MSTSC and TSWEB are working. I just have to use my public IP with the port I assigned;



In my case I have RRAS in use on Server 2003, where more forwarding is done, like a different port assigned to my client machine in another subnet.
Routing and remote access -> IP Routing -> NAT/Basic Firewall -> WAN card properties -> services and ports -> added "RDP to XP Pro" rule, where I created a forward rule from port let's say 232323 to port 3389 in IP, which is that XP machine.

I hope this helps someone so that it doesn't take as much time as I have spent with this within the last year or two.
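
The forwarding scheme discussed in this thread (one external port per PC behind the router, each forwarded to 3389 on that PC), as an added example that is not part of any poster's message: it builds such a table and audits an existing one for rules that cannot work or that leave the default port open. Rule names, addresses and the starting port 50001 are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389  # port the RDP listener uses on each internal PC

def plan_forwards(internal_ips, first_ext_port=50001):
    """Give every internal PC its own external port, all forwarded to 3389."""
    return [{"name": f"rdp-{ip}", "ext_port": first_ext_port + i,
             "int_ip": ip, "int_port": RDP_PORT}
            for i, ip in enumerate(internal_ips)]

def audit_forwards(rules):
    """Return (rule name, problem) pairs for a router forwarding table."""
    problems, seen = [], {}
    for r in rules:
        for key in ("ext_port", "int_port"):
            if not 1 <= r[key] <= 65535:
                problems.append((r["name"], f"{key} {r[key]} outside 1-65535"))
        try:
            if not ipaddress.ip_address(r["int_ip"]).is_private:
                problems.append((r["name"], "target is not a private LAN address"))
        except ValueError:
            problems.append((r["name"], "target is not a valid IP address"))
        if r["ext_port"] in seen:
            # Two rules on one external port: only one PC is ever reachable.
            problems.append((r["name"], f"external port already used by {seen[r['ext_port']]}"))
        else:
            seen[r["ext_port"]] = r["name"]
        if r["ext_port"] == RDP_PORT:
            problems.append((r["name"], "default RDP port 3389 open on the WAN side"))
    return problems

# Constructed sample table (hypothetical names and addresses).
SAMPLE_RULES = [
    {"name": "pc-a", "ext_port": 3389, "int_ip": "192.168.1.10", "int_port": 3389},
    {"name": "pc-b", "ext_port": 3389, "int_ip": "192.168.1.11", "int_port": 3389},
    {"name": "pc-c", "ext_port": 70000, "int_ip": "192.168.1.12", "int_port": 3389},
]

if __name__ == "__main__":
    for name, problem in audit_forwards(SAMPLE_RULES):
        print(f"{name}: {problem}")
    for rule in plan_forwards(["192.168.1.10", "192.168.1.11", "192.168.1.12"]):
        print(f"WAN:{rule['ext_port']} -> {rule['int_ip']}:{rule['int_port']}")
```

With a table like the planned one, each PC is reached from outside by entering the public IP followed by a colon and that PC's external port in the Remote Desktop client.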