Discussion:
Restricting TS Users to connect only to Local IP address
Korstiaan
2005-07-26 22:15:03 UTC
Hi All
I have a W2KTS box with 2 NICs: one NIC has an external static IP
address and one NIC has an internal IP address.

What I would like to be able to do is restrict users to only connect to
the internal IP Address. So they cannot connect when they are not in
the office and only allow some users to connect to both IP Addresses.

Any ideas if this is possible?

We do not have any data on the TS box; it is purely to connect to the
rest of the corporate system.

Regards

Korstiaan
Rickard(Riwe)
2005-07-27 15:38:43 UTC
You can use IPsec to restrict the use of the external IP.
You set up an IPsec rule that listens on port 3389 on the external interface
and then denies connections if the client doesn't have the appropriate IPsec
policy assigned. You can use either certificates or a pre-shared key when you
use IPsec.

Rickard
Korstiaan
2005-07-28 00:39:29 UTC
Hi Rickard
Thank you for your reply.
I was reading your reply to Jason about the 2 NIC scenario.
That would be one of my options as well, I presume.

I presume the IPsec option won't even give the user the connection
screen, correct? So therefore a more secure and delicate way to stop
people getting to the server.

Korstiaan
Rickard(Riwe)
2005-07-28 15:10:57 UTC
Yes, that is correct, unless the client has the right IPsec response policy
it won't connect to the TS server.

Rickard
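The server-side rule described in the replies above, as an added example that is not part of the original posts. It assumes Windows Server 2003 or later, where `netsh ipsec static` is available (on the Windows 2000 box in the thread the same policy would be built in the IP Security Policies snap-in); the policy names, the external address and the key are constructed placeholders.

```batch
@echo off
rem Added example, not from the thread. Assumes Windows Server 2003 or later
rem and an administrative command prompt. All names, the address and the key
rem below are constructed placeholders.

set EXT_IP=203.0.113.10
set POLICY=TS-External-RDP
set PSK=REPLACE-WITH-LONG-RANDOM-KEY

rem 1. Create the policy unassigned and without the default response rule.
netsh ipsec static add policy name="%POLICY%" description="Require IPsec for RDP on the external NIC" activatedefaultrule=no assign=no

rem 2. Filter list: any source to TCP 3389 on the external address only.
rem    The internal NIC address is not matched, so office clients connect
rem    as before. mirrored=yes also matches the return traffic.
netsh ipsec static add filterlist name="RDP-External"
netsh ipsec static add filter filterlist="RDP-External" srcaddr=any dstaddr=%EXT_IP% protocol=TCP srcport=0 dstport=3389 mirrored=yes

rem 3. Filter action: negotiate security. inpass=no and soft=no mean the
rem    server neither accepts unsecured traffic nor falls back to it, so a
rem    client without a matching policy never reaches the logon screen.
netsh ipsec static add filteraction name="Require-IPsec" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem 4. Rule tying filter list and action together, authenticated with a
rem    pre-shared key (the thread mentions certificates as the alternative).
netsh ipsec static add rule name="RDP-Require-IPsec" policy="%POLICY%" filterlist="RDP-External" filteraction="Require-IPsec" kerberos=no psk="%PSK%"

rem 5. Assign the policy. Only one local IPsec policy can be assigned at a
rem    time, so this replaces whichever one is currently assigned.
netsh ipsec static set policy name="%POLICY%" assign=y

rem 6. Review what was created.
netsh ipsec static show policy name="%POLICY%" level=verbose
```

Remote users who are allowed in need a matching client-side policy with the same authentication method. A pre-shared key is stored unprotected in the policy, so certificates are the stronger choice for an Internet-facing interface.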