From: TR on
Hello,

I have a member server on an SBS 2003 network that is a terminal server. I
added a second network card to the Terminal Server and purchased a public IP
so that our remote employees can log into it from the internet on this
second network card without having to create a VPN through our SBS server
and generate more traffic on our internal network. When I configure the
second NIC with the public IP and try to input the Default Gateway that was
provided to me by my ISP, I get the error:
Warning - Multiple default gateways are intended to provide redundancy to a
single network (such as an intranet or internet). They will not function
properly when the gateways are on two separate, disjoint networks (such as
one on your intranet and one on the internet). Do you want to save this
configuration?

Is what I am trying to do not a valid configuration?

Thanks

TR

From: Hank Arnold (MVP) on
Ack!!! What you are trying to do is opening the door to hackers!!! Your
server is now a gateway into your network!! Never, ever, put a server on
an internal network on the internet....

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
From: TR on

Geez Hank...

Well, I am not an expert on routing. How do I give our remote employees
access to the terminal server without burdening our current SBS network with
all the VPNs and all the traffic they generate on the internal network?

If the only thing I have enabled on this TERMINAL NIC is TCP/IP and they are
using RDP, which is supposedly encrypted, how do I set this up?

Thanks
TR


From: Vera Noest [MVP] on
First of all, I agree with Hank that you are taking a big risk.
It doesn't matter that RDP is encrypted, because your TS is open
for logon attempts from the Internet, and all it needs is just one
single user account with a weak password and you're hacked.
So I would definitely set your users up with a VPN connection, or
SSH, directly to the TS (doesn't have to go through the SBS 2003
server).

That said, to answer your original question: I believe that you
need to manually configure your Windows routing tables, using the
route.exe command. Only one NIC should have a default gateway
assigned through the GUI.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
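
A defensive check for the condition this thread discusses, added here as an example and not part of any poster's message: it parses the IPv4 "Active Routes" table from `route print` output and flags a host that holds default routes to both an internal and a public gateway, or that has interfaces on both sides. The sample output, its addresses and the finding names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `route print` excerpt from a dual-homed Windows host. All
# addresses are made up (203.0.113.0/24 is a documentation range).
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.16.1   192.168.16.20      10
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10      10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.16.0    255.255.255.0    192.168.16.20   192.168.16.20      10
      203.0.113.0    255.255.255.0     203.0.113.10    203.0.113.10      10
Default Gateway:      192.168.16.1
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Columns: destination, netmask, gateway, interface, metric
ROUTE_ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+{IP}\s+{IP}\s+(\d+)\s*$")


def is_internal(addr):
    """True if addr is in RFC 1918 private space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_routes(text):
    """Return (dest, mask, gateway, interface, metric) tuples from the table."""
    return [m.groups() for m in map(ROUTE_ROW.match, text.splitlines()) if m]


def audit(text):
    """Flag default routes and interfaces that span internal and public networks."""
    routes = parse_routes(text)
    gateways = {gw for dest, mask, gw, _, _ in routes
                if dest == "0.0.0.0" and mask == "0.0.0.0"}
    ifaces = {i for *_, i, _ in routes if not i.startswith("127.")}
    findings = []
    if len({is_internal(g) for g in gateways}) > 1:
        findings.append("disjoint-default-gateways")
    elif len(gateways) > 1:
        findings.append("multiple-default-gateways")
    if len({is_internal(i) for i in ifaces}) > 1:
        findings.append("dual-homed-internal-and-public")
    return findings
```
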
From: TR on
Hi Vera,

I am not familiar with SSH. Is this something I would set up directly on the
TERMINAL server? Is SSH an open source product? We are having the remote
people use VPN now, but the VPNs are created through the SBS2003 box and
this is generating a lot of traffic on our local LAN. Hence my idea about the
second network card directly on the TERMINAL server itself with a public IP.

Thanks
TR