Terminal Server web access security

[Guest]

I want to enable home user's to access our Win2k Terminal server's using tsweb without having to VPN into our network.

I need some way of insuring that only those clients can access terminal services, I've tried ipsec but that dosn't seem to work because we use NAT on our firewall.

Is their a simple way of securing Port 3389 so that only those clients can access it ?

Thanks

Dave

 

[Steven L Umbach]

Hi Dave. No one else has replied and I have not actually used TSweb so here
is my two cents. The clients will need to connect via IIS to port 80 unless
you change it. If clients have fixed ip addresses then you could configure
your firewall to accept incoming connections to the designated port from
only those addresses. Also be sure to check virtual directory permissions to
make sure they are appropriate for your set up. Anything but using
intergrated authentication will present a risk in password being read. IIS
should not be used without running IIS lockdown tool. See link below for a
great link. --- Steve

http://www.microsoft.com/WindowsXP/expertzone/columns/northrup/03may16.asp

I want to enable home user's to access our Win2k Terminal server's using

tsweb without having to VPN into our network.

I need some way of insuring that only those clients can access terminal

services, I've tried ipsec but that dosn't seem to work because we use NAT
on our firewall.