Sign in with
Sign up | Sign in
Your question

setting up RD without a VPN connection ?

Last response: in Windows XP
Share
Anonymous
September 30, 2004 10:22:31 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I want to remotely control a computer that has Windows XP Pro SP2 on it.
I'd like to use remote desktop in the simpliest configuration. Can I use RD
without a VPN connection? Should I be using something other than RD? FYI,
the client computer is running windows 2000 pro SP4. I've followed the
directions at
http://www.microsoft.com/windowsxp/using/mobility/getst...
But I can't seem to get RD to work.

Daniel

More about : setting vpn connection

Anonymous
September 30, 2004 10:22:32 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

What error or problem are you having? Be specific as possible. Is this over a LAN? Is this over the
public internet? Is Remote Desktop enabled on the XP Pro box? How are you calling from the W2K box
to the XP Pro box, ie. using the IP of the XP box or a host name?

If the XP Pro box is behind a firewall/NAT/router you need to open TCP Port 3389. Call using the
public IP of the firewall/NAT/router. Also, is the SP2 Windows Firewall enabled? If so, you need to
get into the "Exceptions" window and configure Remote Desktop by checking the checkbox.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>I want to remotely control a computer that has Windows XP Pro SP2 on it. I'd like to use remote
>desktop in the simpliest configuration. Can I use RD without a VPN connection? Should I be using
>something other than RD? FYI, the client computer is running windows 2000 pro SP4. I've followed
>the directions at
> http://www.microsoft.com/windowsxp/using/mobility/getst...
> But I can't seem to get RD to work.
>
> Daniel
>
Anonymous
September 30, 2004 11:47:24 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Keep talking to Al, but I just want to reiterate that the VPN is not
necessary for RD to work, nor is the VPN needed so that the information
being transmitted is encrypted.

A VPN connection does make the connection more secure--less susceptable to
certain types of attacks--"man in the middle" attacks.

You can definitely work without it and many of us do, regularly.

"Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>I want to remotely control a computer that has Windows XP Pro SP2 on it.
>I'd like to use remote desktop in the simpliest configuration. Can I use RD
>without a VPN connection? Should I be using something other than RD? FYI,
>the client computer is running windows 2000 pro SP4. I've followed the
>directions at
> http://www.microsoft.com/windowsxp/using/mobility/getst...
> But I can't seem to get RD to work.
>
> Daniel
>
Related resources
Anonymous
October 1, 2004 12:57:38 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

The client cannot connect to the host. This is over the public internet. The
client is in New Jersey. The host is in Rio de Janeiro, Brazil. The
connection in Brazil is very slow, sometimes as slow as 20 kbps with high
ping times. The client is running Win2K SP4. The host is running WinXP Pro
SP2. Remote Desktop is enabled in the remote tab of the system control
panel. The client is using the remote desktop client software and is typing
in the IP of the host to try to connect. Offhand I don't remember the exact
text of the error message but it was generic sounding, "unable to estable a
connection". The host has the windows firewall turned off. The host is
directly connected to the internet and is not using a router. What other
details would be helpful in diagnosing the problem?

Thanks for the reply.

Daniel

"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
news:o KaBkSzpEHA.3668@TK2MSFTNGP15.phx.gbl...
> What error or problem are you having? Be specific as possible. Is this
> over a LAN? Is this over the public internet? Is Remote Desktop enabled on
> the XP Pro box? How are you calling from the W2K box to the XP Pro box,
> ie. using the IP of the XP box or a host name?
>
> If the XP Pro box is behind a firewall/NAT/router you need to open TCP
> Port 3389. Call using the public IP of the firewall/NAT/router. Also, is
> the SP2 Windows Firewall enabled? If so, you need to get into the
> "Exceptions" window and configure Remote Desktop by checking the checkbox.
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>>I want to remotely control a computer that has Windows XP Pro SP2 on it.
>>I'd like to use remote desktop in the simpliest configuration. Can I use
>>RD without a VPN connection? Should I be using something other than RD?
>>FYI, the client computer is running windows 2000 pro SP4. I've followed
>>the directions at
>> http://www.microsoft.com/windowsxp/using/mobility/getst...
>> But I can't seem to get RD to work.
>>
>> Daniel
>>
>
Anonymous
October 1, 2004 1:02:05 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Can the client ping the host machine?

Running with no firewall at all is risky.

Are you certain that there are no other software firewalls involved? Have
you checked that the IP address as seen by the host is the same IP address
as seen by going to :

http://whatismyip.com/

from the host--I'm trying to be sure that the ISP isn't running a
transparent proxy.


"Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
news:o 70QMl0pEHA.592@TK2MSFTNGP11.phx.gbl...
> The client cannot connect to the host. This is over the public internet.
> The client is in New Jersey. The host is in Rio de Janeiro, Brazil. The
> connection in Brazil is very slow, sometimes as slow as 20 kbps with high
> ping times. The client is running Win2K SP4. The host is running WinXP Pro
> SP2. Remote Desktop is enabled in the remote tab of the system control
> panel. The client is using the remote desktop client software and is
> typing in the IP of the host to try to connect. Offhand I don't remember
> the exact text of the error message but it was generic sounding, "unable
> to estable a connection". The host has the windows firewall turned off.
> The host is directly connected to the internet and is not using a router.
> What other details would be helpful in diagnosing the problem?
>
> Thanks for the reply.
>
> Daniel
>
> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
> news:o KaBkSzpEHA.3668@TK2MSFTNGP15.phx.gbl...
>> What error or problem are you having? Be specific as possible. Is this
>> over a LAN? Is this over the public internet? Is Remote Desktop enabled
>> on the XP Pro box? How are you calling from the W2K box to the XP Pro
>> box, ie. using the IP of the XP box or a host name?
>>
>> If the XP Pro box is behind a firewall/NAT/router you need to open TCP
>> Port 3389. Call using the public IP of the firewall/NAT/router. Also, is
>> the SP2 Windows Firewall enabled? If so, you need to get into the
>> "Exceptions" window and configure Remote Desktop by checking the
>> checkbox.
>>
>> --
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual
>> benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>>
>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>>>I want to remotely control a computer that has Windows XP Pro SP2 on it.
>>>I'd like to use remote desktop in the simpliest configuration. Can I use
>>>RD without a VPN connection? Should I be using something other than RD?
>>>FYI, the client computer is running windows 2000 pro SP4. I've followed
>>>the directions at
>>> http://www.microsoft.com/windowsxp/using/mobility/getst...
>>> But I can't seem to get RD to work.
>>>
>>> Daniel
>>>
>>
>
>
Anonymous
October 1, 2004 11:44:16 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

The client can NOT ping the host. I turned the firewall off to make sure it
wasn't the problem. If I can connect with the firewall off, then I'll try to
turn it on and still keep the RD connection. I am not certain that there are
no other software firewalls involved. But I am certain that the host
computer only has the WinXP SP2 firewall and that it is turned off. I got
the following info from www.pcpitstop.com
Bandwidth down: 100 Kbits/sec
Bandwidth up: 346 Kbits/sec
Average Ping: 153 ms
Ping Loss: 0%
TCP Receive Window: (default)
External IP Address: 200.xxx.xx.xx
Internal IP Address: 10.xx.xx.xxx
Browser: MSIE 6.0; SV1
IE current cache: 54 MB
IE max cache: 80 MB

I put Xs in for some of the numbers above for security reasons.
http://www.whatismyip.com/ gives me that same IP address as the above
external IP address.
I'm pretty knowledgeable with PCs but not with networking. Thank you for
your help.

Daniel

--------------------------------------------
"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:o LiQIJ1pEHA.3988@tk2msftngp13.phx.gbl...
> Can the client ping the host machine?
>
> Running with no firewall at all is risky.
>
> Are you certain that there are no other software firewalls involved? Have
> you checked that the IP address as seen by the host is the same IP address
> as seen by going to :
>
> http://whatismyip.com/
>
> from the host--I'm trying to be sure that the ISP isn't running a
> transparent proxy.
>
>
> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
> news:o 70QMl0pEHA.592@TK2MSFTNGP11.phx.gbl...
>> The client cannot connect to the host. This is over the public internet.
>> The client is in New Jersey. The host is in Rio de Janeiro, Brazil. The
>> connection in Brazil is very slow, sometimes as slow as 20 kbps with high
>> ping times. The client is running Win2K SP4. The host is running WinXP
>> Pro SP2. Remote Desktop is enabled in the remote tab of the system
>> control panel. The client is using the remote desktop client software and
>> is typing in the IP of the host to try to connect. Offhand I don't
>> remember the exact text of the error message but it was generic sounding,
>> "unable to estable a connection". The host has the windows firewall
>> turned off. The host is directly connected to the internet and is not
>> using a router. What other details would be helpful in diagnosing the
>> problem?
>>
>> Thanks for the reply.
>>
>> Daniel
>>
>> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
>> news:o KaBkSzpEHA.3668@TK2MSFTNGP15.phx.gbl...
>>> What error or problem are you having? Be specific as possible. Is this
>>> over a LAN? Is this over the public internet? Is Remote Desktop enabled
>>> on the XP Pro box? How are you calling from the W2K box to the XP Pro
>>> box, ie. using the IP of the XP box or a host name?
>>>
>>> If the XP Pro box is behind a firewall/NAT/router you need to open TCP
>>> Port 3389. Call using the public IP of the firewall/NAT/router. Also, is
>>> the SP2 Windows Firewall enabled? If so, you need to get into the
>>> "Exceptions" window and configure Remote Desktop by checking the
>>> checkbox.
>>>
>>> --
>>> Al Jarvi (MS-MVP Windows Networking)
>>>
>>> Please post *ALL* questions and replies to the news group for the mutual
>>> benefit of all of us...
>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights...
>>>
>>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>>> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>>>>I want to remotely control a computer that has Windows XP Pro SP2 on it.
>>>>I'd like to use remote desktop in the simpliest configuration. Can I use
>>>>RD without a VPN connection? Should I be using something other than RD?
>>>>FYI, the client computer is running windows 2000 pro SP4. I've followed
>>>>the directions at
>>>> http://www.microsoft.com/windowsxp/using/mobility/getst...
>>>> But I can't seem to get RD to work.
>>>>
>>>> Daniel
>>>>
>>>
>>
>>
>
>
Anonymous
October 1, 2004 11:52:21 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

A friend of mine said
"Reserved IP addresses for private networks
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Yes. That is non-routable.
Therefore you cannot be a server.
unless they forward all 3389 ports to you."

Daniel
----------------------------------------------
"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:o LiQIJ1pEHA.3988@tk2msftngp13.phx.gbl...
> Can the client ping the host machine?
>
> Running with no firewall at all is risky.
>
> Are you certain that there are no other software firewalls involved? Have
> you checked that the IP address as seen by the host is the same IP address
> as seen by going to :
>
> http://whatismyip.com/
>
> from the host--I'm trying to be sure that the ISP isn't running a
> transparent proxy.
>
>
> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
> news:o 70QMl0pEHA.592@TK2MSFTNGP11.phx.gbl...
>> The client cannot connect to the host. This is over the public internet.
>> The client is in New Jersey. The host is in Rio de Janeiro, Brazil. The
>> connection in Brazil is very slow, sometimes as slow as 20 kbps with high
>> ping times. The client is running Win2K SP4. The host is running WinXP
>> Pro SP2. Remote Desktop is enabled in the remote tab of the system
>> control panel. The client is using the remote desktop client software and
>> is typing in the IP of the host to try to connect. Offhand I don't
>> remember the exact text of the error message but it was generic sounding,
>> "unable to estable a connection". The host has the windows firewall
>> turned off. The host is directly connected to the internet and is not
>> using a router. What other details would be helpful in diagnosing the
>> problem?
>>
>> Thanks for the reply.
>>
>> Daniel
>>
>> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
>> news:o KaBkSzpEHA.3668@TK2MSFTNGP15.phx.gbl...
>>> What error or problem are you having? Be specific as possible. Is this
>>> over a LAN? Is this over the public internet? Is Remote Desktop enabled
>>> on the XP Pro box? How are you calling from the W2K box to the XP Pro
>>> box, ie. using the IP of the XP box or a host name?
>>>
>>> If the XP Pro box is behind a firewall/NAT/router you need to open TCP
>>> Port 3389. Call using the public IP of the firewall/NAT/router. Also, is
>>> the SP2 Windows Firewall enabled? If so, you need to get into the
>>> "Exceptions" window and configure Remote Desktop by checking the
>>> checkbox.
>>>
>>> --
>>> Al Jarvi (MS-MVP Windows Networking)
>>>
>>> Please post *ALL* questions and replies to the news group for the mutual
>>> benefit of all of us...
>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights...
>>>
>>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>>> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>>>>I want to remotely control a computer that has Windows XP Pro SP2 on it.
>>>>I'd like to use remote desktop in the simpliest configuration. Can I use
>>>>RD without a VPN connection? Should I be using something other than RD?
>>>>FYI, the client computer is running windows 2000 pro SP4. I've followed
>>>>the directions at
>>>> http://www.microsoft.com/windowsxp/using/mobility/getst...
>>>> But I can't seem to get RD to work.
>>>>
>>>> Daniel
>>>>
>>>
>>
>>
>
>
Anonymous
October 1, 2004 11:52:22 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Yep your friend is correct. It appears the PC your trying to connect to is behind a
firewall/NAT/router somewhere...

How is the PC your trying to connect to in Brazil accessing the public internet? Ie. a broadband
cable/DSL link or a dialup link or what?

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
news:uQ0WET6pEHA.376@TK2MSFTNGP14.phx.gbl...
>A friend of mine said
> "Reserved IP addresses for private networks
> 10.0.0.0 - 10.255.255.255
> 172.16.0.0 - 172.31.255.255
> 192.168.0.0 - 192.168.255.255
> Yes. That is non-routable.
> Therefore you cannot be a server.
> unless they forward all 3389 ports to you."
>
> Daniel
> ----------------------------------------------
> "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> news:o LiQIJ1pEHA.3988@tk2msftngp13.phx.gbl...
>> Can the client ping the host machine?
>>
>> Running with no firewall at all is risky.
>>
>> Are you certain that there are no other software firewalls involved? Have you checked that the
>> IP address as seen by the host is the same IP address as seen by going to :
>>
>> http://whatismyip.com/
>>
>> from the host--I'm trying to be sure that the ISP isn't running a transparent proxy.
>>
>>
>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>> news:o 70QMl0pEHA.592@TK2MSFTNGP11.phx.gbl...
>>> The client cannot connect to the host. This is over the public internet. The client is in New
>>> Jersey. The host is in Rio de Janeiro, Brazil. The connection in Brazil is very slow, sometimes
>>> as slow as 20 kbps with high ping times. The client is running Win2K SP4. The host is running
>>> WinXP Pro SP2. Remote Desktop is enabled in the remote tab of the system control panel. The
>>> client is using the remote desktop client software and is typing in the IP of the host to try to
>>> connect. Offhand I don't remember the exact text of the error message but it was generic
>>> sounding, "unable to estable a connection". The host has the windows firewall turned off. The
>>> host is directly connected to the internet and is not using a router. What other details would
>>> be helpful in diagnosing the problem?
>>>
>>> Thanks for the reply.
>>>
>>> Daniel
>>>
>>> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
>>> news:o KaBkSzpEHA.3668@TK2MSFTNGP15.phx.gbl...
>>>> What error or problem are you having? Be specific as possible. Is this over a LAN? Is this over
>>>> the public internet? Is Remote Desktop enabled on the XP Pro box? How are you calling from the
>>>> W2K box to the XP Pro box, ie. using the IP of the XP box or a host name?
>>>>
>>>> If the XP Pro box is behind a firewall/NAT/router you need to open TCP Port 3389. Call using
>>>> the public IP of the firewall/NAT/router. Also, is the SP2 Windows Firewall enabled? If so, you
>>>> need to get into the "Exceptions" window and configure Remote Desktop by checking the checkbox.
>>>>
>>>> --
>>>> Al Jarvi (MS-MVP Windows Networking)
>>>>
>>>> Please post *ALL* questions and replies to the news group for the mutual benefit of all of
>>>> us...
>>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>>> This posting is provided "AS IS" with no warranties, and confers no rights...
>>>>
>>>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>>>> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>>>>>I want to remotely control a computer that has Windows XP Pro SP2 on it. I'd like to use remote
>>>>>desktop in the simpliest configuration. Can I use RD without a VPN connection? Should I be
>>>>>using something other than RD? FYI, the client computer is running windows 2000 pro SP4. I've
>>>>>followed the directions at
>>>>> http://www.microsoft.com/windowsxp/using/mobility/getst...
>>>>> But I can't seem to get RD to work.
>>>>>
>>>>> Daniel
>>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
October 1, 2004 3:28:40 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

This listing shows both an external and an internal IP address.

This implies that there are two network interfaces in this machine, with
software doing nat/routing between them. This may not be Microsoft's
Internet Connection Sharing, because that, in XP, uses 192.168.1.x for the
internal interface and isn't really modifiable.

You need to find out what software is doing the routing between the
interfaces, and how you open port 3389, TCP on the external interface in
that software.

If I'm mistaken, and this is ICS/ICF, then you would open the port by going
to the advanced tab in properties of TCP/IP on the external interface, and
clicking on the settings button.

"Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
news:o FT%23hO6pEHA.3324@TK2MSFTNGP15.phx.gbl...
> The client can NOT ping the host. I turned the firewall off to make sure
> it wasn't the problem. If I can connect with the firewall off, then I'll
> try to turn it on and still keep the RD connection. I am not certain that
> there are no other software firewalls involved. But I am certain that the
> host computer only has the WinXP SP2 firewall and that it is turned off. I
> got the following info from www.pcpitstop.com
> Bandwidth down: 100 Kbits/sec
> Bandwidth up: 346 Kbits/sec
> Average Ping: 153 ms
> Ping Loss: 0%
> TCP Receive Window: (default)
> External IP Address: 200.xxx.xx.xx
> Internal IP Address: 10.xx.xx.xxx
> Browser: MSIE 6.0; SV1
> IE current cache: 54 MB
> IE max cache: 80 MB
>
> I put Xs in for some of the numbers above for security reasons.
> http://www.whatismyip.com/ gives me that same IP address as the above
> external IP address.
> I'm pretty knowledgeable with PCs but not with networking. Thank you for
> your help.
>
> Daniel
>
> --------------------------------------------
> "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> news:o LiQIJ1pEHA.3988@tk2msftngp13.phx.gbl...
>> Can the client ping the host machine?
>>
>> Running with no firewall at all is risky.
>>
>> Are you certain that there are no other software firewalls involved?
>> Have you checked that the IP address as seen by the host is the same IP
>> address as seen by going to :
>>
>> http://whatismyip.com/
>>
>> from the host--I'm trying to be sure that the ISP isn't running a
>> transparent proxy.
>>
>>
>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>> news:o 70QMl0pEHA.592@TK2MSFTNGP11.phx.gbl...
>>> The client cannot connect to the host. This is over the public internet.
>>> The client is in New Jersey. The host is in Rio de Janeiro, Brazil. The
>>> connection in Brazil is very slow, sometimes as slow as 20 kbps with
>>> high ping times. The client is running Win2K SP4. The host is running
>>> WinXP Pro SP2. Remote Desktop is enabled in the remote tab of the system
>>> control panel. The client is using the remote desktop client software
>>> and is typing in the IP of the host to try to connect. Offhand I don't
>>> remember the exact text of the error message but it was generic
>>> sounding, "unable to estable a connection". The host has the windows
>>> firewall turned off. The host is directly connected to the internet and
>>> is not using a router. What other details would be helpful in diagnosing
>>> the problem?
>>>
>>> Thanks for the reply.
>>>
>>> Daniel
>>>
>>> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
>>> news:o KaBkSzpEHA.3668@TK2MSFTNGP15.phx.gbl...
>>>> What error or problem are you having? Be specific as possible. Is this
>>>> over a LAN? Is this over the public internet? Is Remote Desktop enabled
>>>> on the XP Pro box? How are you calling from the W2K box to the XP Pro
>>>> box, ie. using the IP of the XP box or a host name?
>>>>
>>>> If the XP Pro box is behind a firewall/NAT/router you need to open TCP
>>>> Port 3389. Call using the public IP of the firewall/NAT/router. Also,
>>>> is the SP2 Windows Firewall enabled? If so, you need to get into the
>>>> "Exceptions" window and configure Remote Desktop by checking the
>>>> checkbox.
>>>>
>>>> --
>>>> Al Jarvi (MS-MVP Windows Networking)
>>>>
>>>> Please post *ALL* questions and replies to the news group for the
>>>> mutual benefit of all of us...
>>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights...
>>>>
>>>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>>>> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>>>>>I want to remotely control a computer that has Windows XP Pro SP2 on
>>>>>it. I'd like to use remote desktop in the simpliest configuration. Can
>>>>>I use RD without a VPN connection? Should I be using something other
>>>>>than RD? FYI, the client computer is running windows 2000 pro SP4. I've
>>>>>followed the directions at
>>>>> http://www.microsoft.com/windowsxp/using/mobility/getst...
>>>>> But I can't seem to get RD to work.
>>>>>
>>>>> Daniel
>>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
October 1, 2004 11:01:21 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

The PC in Brazil (the host) is connected via radio internet connection. On
that computer in the Authentication tab of the local area connection
properties, "Enable IEEE 802.1x authentication for this network" is checked.
The EAP type is "Smart Card or other Certificate". Also, "Authenticate as
computer when computer information is available" is checked. I ready to toss
in the towel.

Another friend suggested Timbuktu Pro. Would that work in this situation?

Daniel
-------------------------------------------------------------------------------
"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
news:o WD7Dd6pEHA.3324@TK2MSFTNGP15.phx.gbl...
> Yep your friend is correct. It appears the PC your trying to connect to is
> behind a firewall/NAT/router somewhere...
>
> How is the PC your trying to connect to in Brazil accessing the public
> internet? Ie. a broadband cable/DSL link or a dialup link or what?
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
> news:uQ0WET6pEHA.376@TK2MSFTNGP14.phx.gbl...
>>A friend of mine said
>> "Reserved IP addresses for private networks
>> 10.0.0.0 - 10.255.255.255
>> 172.16.0.0 - 172.31.255.255
>> 192.168.0.0 - 192.168.255.255
>> Yes. That is non-routable.
>> Therefore you cannot be a server.
>> unless they forward all 3389 ports to you."
>>
>> Daniel
>> ----------------------------------------------
>> "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
>> news:o LiQIJ1pEHA.3988@tk2msftngp13.phx.gbl...
>>> Can the client ping the host machine?
>>>
>>> Running with no firewall at all is risky.
>>>
>>> Are you certain that there are no other software firewalls involved?
>>> Have you checked that the IP address as seen by the host is the same IP
>>> address as seen by going to :
>>>
>>> http://whatismyip.com/
>>>
>>> from the host--I'm trying to be sure that the ISP isn't running a
>>> transparent proxy.
>>>
>>>
>>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>>> news:o 70QMl0pEHA.592@TK2MSFTNGP11.phx.gbl...
>>>> The client cannot connect to the host. This is over the public
>>>> internet. The client is in New Jersey. The host is in Rio de Janeiro,
>>>> Brazil. The connection in Brazil is very slow, sometimes as slow as 20
>>>> kbps with high ping times. The client is running Win2K SP4. The host is
>>>> running WinXP Pro SP2. Remote Desktop is enabled in the remote tab of
>>>> the system control panel. The client is using the remote desktop client
>>>> software and is typing in the IP of the host to try to connect. Offhand
>>>> I don't remember the exact text of the error message but it was generic
>>>> sounding, "unable to estable a connection". The host has the windows
>>>> firewall turned off. The host is directly connected to the internet and
>>>> is not using a router. What other details would be helpful in
>>>> diagnosing the problem?
>>>>
>>>> Thanks for the reply.
>>>>
>>>> Daniel
>>>>
>>>> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
>>>> news:o KaBkSzpEHA.3668@TK2MSFTNGP15.phx.gbl...
>>>>> What error or problem are you having? Be specific as possible. Is this
>>>>> over a LAN? Is this over the public internet? Is Remote Desktop
>>>>> enabled on the XP Pro box? How are you calling from the W2K box to the
>>>>> XP Pro box, ie. using the IP of the XP box or a host name?
>>>>>
>>>>> If the XP Pro box is behind a firewall/NAT/router you need to open TCP
>>>>> Port 3389. Call using the public IP of the firewall/NAT/router. Also,
>>>>> is the SP2 Windows Firewall enabled? If so, you need to get into the
>>>>> "Exceptions" window and configure Remote Desktop by checking the
>>>>> checkbox.
>>>>>
>>>>> --
>>>>> Al Jarvi (MS-MVP Windows Networking)
>>>>>
>>>>> Please post *ALL* questions and replies to the news group for the
>>>>> mutual benefit of all of us...
>>>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>> rights...
>>>>>
>>>>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>>>>> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>>>>>>I want to remotely control a computer that has Windows XP Pro SP2 on
>>>>>>it. I'd like to use remote desktop in the simpliest configuration. Can
>>>>>>I use RD without a VPN connection? Should I be using something other
>>>>>>than RD? FYI, the client computer is running windows 2000 pro SP4.
>>>>>>I've followed the directions at
>>>>>> http://www.microsoft.com/windowsxp/using/mobility/getst...
>>>>>> But I can't seem to get RD to work.
>>>>>>
>>>>>> Daniel
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
Anonymous
October 1, 2004 11:01:22 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

According to their support FAQ Timbuktu Pro needs port forwarding so your going to fall into the
same situation. Actually even worse because of the large number of ports required...

http://www.netopia.com/en-us/support/technotes/software...

Remote Desktop only needs TCP Port 3389.

Is there anyway the local folks in Brazil can contact their ISP to see if TCP Port 3389 can be
opened for Remote Desktop?

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
news:o IEQ6IAqEHA.556@tk2msftngp13.phx.gbl...
> The PC in Brazil (the host) is connected via radio internet connection. On that computer in the
> Authentication tab of the local area connection properties, "Enable IEEE 802.1x authentication for
> this network" is checked. The EAP type is "Smart Card or other Certificate". Also, "Authenticate
> as computer when computer information is available" is checked. I ready to toss in the towel.
>
> Another friend suggested Timbuktu Pro. Would that work in this situation?
>
> Daniel
> -------------------------------------------------------------------------------
> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
> news:o WD7Dd6pEHA.3324@TK2MSFTNGP15.phx.gbl...
>> Yep your friend is correct. It appears the PC your trying to connect to is behind a
>> firewall/NAT/router somewhere...
>>
>> How is the PC your trying to connect to in Brazil accessing the public internet? Ie. a broadband
>> cable/DSL link or a dialup link or what?
>>
>> --
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no rights...
>>
>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>> news:uQ0WET6pEHA.376@TK2MSFTNGP14.phx.gbl...
>>>A friend of mine said
>>> "Reserved IP addresses for private networks
>>> 10.0.0.0 - 10.255.255.255
>>> 172.16.0.0 - 172.31.255.255
>>> 192.168.0.0 - 192.168.255.255
>>> Yes. That is non-routable.
>>> Therefore you cannot be a server.
>>> unless they forward all 3389 ports to you."
>>>
>>> Daniel
>>> ----------------------------------------------
>>> "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
>>> news:o LiQIJ1pEHA.3988@tk2msftngp13.phx.gbl...
>>>> Can the client ping the host machine?
>>>>
>>>> Running with no firewall at all is risky.
>>>>
>>>> Are you certain that there are no other software firewalls involved? Have you checked that the
>>>> IP address as seen by the host is the same IP address as seen by going to :
>>>>
>>>> http://whatismyip.com/
>>>>
>>>> from the host--I'm trying to be sure that the ISP isn't running a transparent proxy.
>>>>
>>>>
>>>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>>>> news:o 70QMl0pEHA.592@TK2MSFTNGP11.phx.gbl...
>>>>> The client cannot connect to the host. This is over the public internet. The client is in New
>>>>> Jersey. The host is in Rio de Janeiro, Brazil. The connection in Brazil is very slow,
>>>>> sometimes as slow as 20 kbps with high ping times. The client is running Win2K SP4. The host
>>>>> is running WinXP Pro SP2. Remote Desktop is enabled in the remote tab of the system control
>>>>> panel. The client is using the remote desktop client software and is typing in the IP of the
>>>>> host to try to connect. Offhand I don't remember the exact text of the error message but it
>>>>> was generic sounding, "unable to estable a connection". The host has the windows firewall
>>>>> turned off. The host is directly connected to the internet and is not using a router. What
>>>>> other details would be helpful in diagnosing the problem?
>>>>>
>>>>> Thanks for the reply.
>>>>>
>>>>> Daniel
>>>>>
>>>>> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
>>>>> news:o KaBkSzpEHA.3668@TK2MSFTNGP15.phx.gbl...
>>>>>> What error or problem are you having? Be specific as possible. Is this over a LAN? Is this
>>>>>> over the public internet? Is Remote Desktop enabled on the XP Pro box? How are you calling
>>>>>> from the W2K box to the XP Pro box, ie. using the IP of the XP box or a host name?
>>>>>>
>>>>>> If the XP Pro box is behind a firewall/NAT/router you need to open TCP Port 3389. Call using
>>>>>> the public IP of the firewall/NAT/router. Also, is the SP2 Windows Firewall enabled? If so,
>>>>>> you need to get into the "Exceptions" window and configure Remote Desktop by checking the
>>>>>> checkbox.
>>>>>>
>>>>>> --
>>>>>> Al Jarvi (MS-MVP Windows Networking)
>>>>>>
>>>>>> Please post *ALL* questions and replies to the news group for the mutual benefit of all of
>>>>>> us...
>>>>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>>>>> This posting is provided "AS IS" with no warranties, and confers no rights...
>>>>>>
>>>>>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>>>>>> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>>>>>>>I want to remotely control a computer that has Windows XP Pro SP2 on it. I'd like to use
>>>>>>>remote desktop in the simpliest configuration. Can I use RD without a VPN connection? Should
>>>>>>>I be using something other than RD? FYI, the client computer is running windows 2000 pro SP4.
>>>>>>>I've followed the directions at
>>>>>>> http://www.microsoft.com/windowsxp/using/mobility/getst...
>>>>>>> But I can't seem to get RD to work.
>>>>>>>
>>>>>>> Daniel
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>
>
Anonymous
October 6, 2004 12:49:04 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Can the remote client connect to any Terminal Server on the Public Internet?
This would be the first thing I would verify. If you do a search on Google
for Remote Desktop Web Connection, many public connections are listed (while
admins should probably block robots/spiders from picking these up) which
could be used to test your connectivity. I'm not recommending trying to
logon to any of them, but if you can get to their GINA Logon then you're
connected over port 3389 and know that the remote computer is working
properly.

Another thing you will have a problem with is a highly latent connection,
regardless of the measured thruput. 20Kbps is barely enough bandwidth to
work over a 800x600 desktop at 256 colors with mediocre performance when
latency is not a problem, but when you add a high latency to the connection
the performance may reach abismal.

The lowest speed connection I've found to be sufficient for a working RDP
session @ 800x600 & 256 color depth is 26.4Kbps.

As far as VPNs go, I not only do NOT recommend them for securing RDP
connection, but believe that unless they are managed IPSec/L2TP VPNs that
they are a security risk as you're allowing any garbage or services on the
remote computer to directly interact with a corporate network. PPTP VPNs add
zero extra security to an RDP Session, as the tunnel is setup with the
credentials provided by the end-user, not by PKI based certificates.

Secondary authentication (i.e. Safeword or SecureID) is a better way to
increase the already solid security of Windows Terminal Server, whether using
RDP or ICA protocol.

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com

"Bill Sanderson" wrote:

> Keep talking to Al, but I just want to reiterate that the VPN is not
> necessary for RD to work, nor is the VPN needed so that the information
> being transmitted is encrypted.
>
> A VPN connection does make the connection more secure--less susceptable to
> certain types of attacks--"man in the middle" attacks.
>
> You can definitely work without it and many of us do, regularly.
>
> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
> >I want to remotely control a computer that has Windows XP Pro SP2 on it.
> >I'd like to use remote desktop in the simpliest configuration. Can I use RD
> >without a VPN connection? Should I be using something other than RD? FYI,
> >the client computer is running windows 2000 pro SP4. I've followed the
> >directions at
> > http://www.microsoft.com/windowsxp/using/mobility/getst...
> > But I can't seem to get RD to work.
> >
> > Daniel
> >
>
>
>
Anonymous
October 6, 2004 11:47:23 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

First I want to thank everyone for their replies. I've learned a lot.
Second, here is my understanding (Please correct any errors). The client has
been able to control 2 other computers using Timbuktu Pro. These 2 computers
didn't have WinXP Pro so I couldn't try RD. The key seems to be whether the
IP address is public or private. I check this by comparing the IP address
returned in ipconfig with the IP address returned by www.whatismyip.com . If
the IPs are the same then the address is public. If the IP addresses are
different, then the address if private. If the IP address is public then
there is no problem connecting remotely. If the IP address is private then
connecting remotely won't work unless port 3389 is forwarded. In order to
forward port 3389, I'll have to contact the ISP and see if 1) they are
willing to forward port 3389 and 2) will they actually forward port 3389. If
I make any progress forwarding the port, I'll post my experience to the
newsgroup.

The connection in Rio de Janeiro is highly variable. Usually early in the
morning, 7:30 am, the connection is at it's best (102 kbps d/l, 326 kbps
u/l, average ping time 200 ms). Throughout the day, the connection gradually
slows down so that the d/l speed slows to 20kbps. This remote connection is
not a connection that would be used often, only for troubleshooting,
security updates, etc. So I just want to get it working first and worry
about the speed later.

Once again, thanks to all responders.

Daniel

"Patrick Rouse [MVP]" <PatrickRouseMVP@discussions.microsoft.com> wrote in
message news:1E909C46-8084-4F3D-A6C1-B8623A63F5AF@microsoft.com...
> Can the remote client connect to any Terminal Server on the Public
> Internet?
> This would be the first thing I would verify. If you do a search on
> Google
> for Remote Desktop Web Connection, many public connections are listed
> (while
> admins should probably block robots/spiders from picking these up) which
> could be used to test your connectivity. I'm not recommending trying to
> logon to any of them, but if you can get to their GINA Logon then you're
> connected over port 3389 and know that the remote computer is working
> properly.
>
> Another thing you will have a problem with is a highly latent connection,
> regardless of the measured thruput. 20Kbps is barely enough bandwidth to
> work over a 800x600 desktop at 256 colors with mediocre performance when
> latency is not a problem, but when you add a high latency to the
> connection
> the performance may reach abismal.
>
> The lowest speed connection I've found to be sufficient for a working RDP
> session @ 800x600 & 256 color depth is 26.4Kbps.
>
> As far as VPNs go, I not only do NOT recommend them for securing RDP
> connection, but believe that unless they are managed IPSec/L2TP VPNs that
> they are a security risk as you're allowing any garbage or services on the
> remote computer to directly interact with a corporate network. PPTP VPNs
> add
> zero extra security to an RDP Session, as the tunnel is setup with the
> credentials provided by the end-user, not by PKI based certificates.
>
> Secondary authentication (i.e. Safeword or SecureID) is a better way to
> increase the already solid security of Windows Terminal Server, whether
> using
> RDP or ICA protocol.
>
> Patrick Rouse
> Microsoft MVP - Terminal Server
> http://www.workthin.com
>
> "Bill Sanderson" wrote:
>
>> Keep talking to Al, but I just want to reiterate that the VPN is not
>> necessary for RD to work, nor is the VPN needed so that the information
>> being transmitted is encrypted.
>>
>> A VPN connection does make the connection more secure--less susceptable
>> to
>> certain types of attacks--"man in the middle" attacks.
>>
>> You can definitely work without it and many of us do, regularly.
>>
>> "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>> news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>> >I want to remotely control a computer that has Windows XP Pro SP2 on it.
>> >I'd like to use remote desktop in the simpliest configuration. Can I use
>> >RD
>> >without a VPN connection? Should I be using something other than RD?
>> >FYI,
>> >the client computer is running windows 2000 pro SP4. I've followed the
>> >directions at
>> > http://www.microsoft.com/windowsxp/using/mobility/getst...
>> > But I can't seem to get RD to work.
>> >
>> > Daniel
>> >
>>
>>
>>
Anonymous
October 6, 2004 11:59:03 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

1. Port forwarding is done by you, not your ISP, although I have seen ISPs
that block TCP Port 3389 on their routers, in which case you'd have to
configure Terminal Server to listen on a different port. If the remote
computer can not telnet to port 3389 of the destination computer then Remote
Desktop will not work with the default configuration.

Screenshot of port forwarding with a Linksys router:
http://workthin.com/images/LinksysPortForwarding.JPG

2. The only time you can directly address a Private IP Address is if it's
on your network, i.e. not separated by the Public Internet. For a person to
allow traffic to their computer from the public internet (when they're behind
a NAT firewall) they forward trafic addressed to the firewall's WAN port to
their specific private IP Address for the type of traffic they desire, i.e.
TPC/UDP Port number. The remote user addresses the Firewall's WAN IP
Address, NOT the private IP Address of the destination computer.

3. A class or book on Cisco Routing Fundamentals or Networking Fundamentals
would make the IP Addressing a lot clearer.

Free online tutorial:
http://www.ind.alcatel.com/fundamentals/index2.html?pas...

Book:
http://www.ciscopress.com/title/1587050676


Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com


"Patrick Rouse [MVP]" wrote:

> Can the remote client connect to any Terminal Server on the Public Internet?
> This would be the first thing I would verify. If you do a search on Google
> for Remote Desktop Web Connection, many public connections are listed (while
> admins should probably block robots/spiders from picking these up) which
> could be used to test your connectivity. I'm not recommending trying to
> logon to any of them, but if you can get to their GINA Logon then you're
> connected over port 3389 and know that the remote computer is working
> properly.
>
> Another thing you will have a problem with is a highly latent connection,
> regardless of the measured thruput. 20Kbps is barely enough bandwidth to
> work over a 800x600 desktop at 256 colors with mediocre performance when
> latency is not a problem, but when you add a high latency to the connection
> the performance may reach abismal.
>
> The lowest speed connection I've found to be sufficient for a working RDP
> session @ 800x600 & 256 color depth is 26.4Kbps.
>
> As far as VPNs go, I not only do NOT recommend them for securing RDP
> connection, but believe that unless they are managed IPSec/L2TP VPNs that
> they are a security risk as you're allowing any garbage or services on the
> remote computer to directly interact with a corporate network. PPTP VPNs add
> zero extra security to an RDP Session, as the tunnel is setup with the
> credentials provided by the end-user, not by PKI based certificates.
>
> Secondary authentication (i.e. Safeword or SecureID) is a better way to
> increase the already solid security of Windows Terminal Server, whether using
> RDP or ICA protocol.
>
> Patrick Rouse
> Microsoft MVP - Terminal Server
> http://www.workthin.com
>
> "Bill Sanderson" wrote:
>
> > Keep talking to Al, but I just want to reiterate that the VPN is not
> > necessary for RD to work, nor is the VPN needed so that the information
> > being transmitted is encrypted.
> >
> > A VPN connection does make the connection more secure--less susceptable to
> > certain types of attacks--"man in the middle" attacks.
> >
> > You can definitely work without it and many of us do, regularly.
> >
> > "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
> > news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
> > >I want to remotely control a computer that has Windows XP Pro SP2 on it.
> > >I'd like to use remote desktop in the simpliest configuration. Can I use RD
> > >without a VPN connection? Should I be using something other than RD? FYI,
> > >the client computer is running windows 2000 pro SP4. I've followed the
> > >directions at
> > > http://www.microsoft.com/windowsxp/using/mobility/getst...
> > > But I can't seem to get RD to work.
> > >
> > > Daniel
> > >
> >
> >
> >
Anonymous
October 6, 2004 5:02:52 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Patrick,

If you read back in the thread the gentleman seems to being trying to reach a PC (in Brazil) that is
connected to a wireless ISP of some sort. The PC is getting an address in the private range. They
claim there is no firewall/NAT/router involved at the host site... That is why I suggested, in one
of my replies, that the folks in Brazil get hold of the ISP to sort this out as far as opening TCP
Port 3389...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Patrick Rouse [MVP]" <PatrickRouseMVP@discussions.microsoft.com> wrote in message
news:99A4041E-EF0A-4C41-8C8C-6349723CAAD4@microsoft.com...
> 1. Port forwarding is done by you, not your ISP, although I have seen ISPs
> that block TCP Port 3389 on their routers, in which case you'd have to
> configure Terminal Server to listen on a different port. If the remote
> computer can not telnet to port 3389 of the destination computer then Remote
> Desktop will not work with the default configuration.
>
> Screenshot of port forwarding with a Linksys router:
> http://workthin.com/images/LinksysPortForwarding.JPG
>
> 2. The only time you can directly address a Private IP Address is if it's
> on your network, i.e. not separated by the Public Internet. For a person to
> allow traffic to their computer from the public internet (when they're behind
> a NAT firewall) they forward trafic addressed to the firewall's WAN port to
> their specific private IP Address for the type of traffic they desire, i.e.
> TPC/UDP Port number. The remote user addresses the Firewall's WAN IP
> Address, NOT the private IP Address of the destination computer.
>
> 3. A class or book on Cisco Routing Fundamentals or Networking Fundamentals
> would make the IP Addressing a lot clearer.
>
> Free online tutorial:
> http://www.ind.alcatel.com/fundamentals/index2.html?pas...
>
> Book:
> http://www.ciscopress.com/title/1587050676
>
>
> Patrick Rouse
> Microsoft MVP - Terminal Server
> http://www.workthin.com
>
>
> "Patrick Rouse [MVP]" wrote:
>
>> Can the remote client connect to any Terminal Server on the Public Internet?
>> This would be the first thing I would verify. If you do a search on Google
>> for Remote Desktop Web Connection, many public connections are listed (while
>> admins should probably block robots/spiders from picking these up) which
>> could be used to test your connectivity. I'm not recommending trying to
>> logon to any of them, but if you can get to their GINA Logon then you're
>> connected over port 3389 and know that the remote computer is working
>> properly.
>>
>> Another thing you will have a problem with is a highly latent connection,
>> regardless of the measured thruput. 20Kbps is barely enough bandwidth to
>> work over a 800x600 desktop at 256 colors with mediocre performance when
>> latency is not a problem, but when you add a high latency to the connection
>> the performance may reach abismal.
>>
>> The lowest speed connection I've found to be sufficient for a working RDP
>> session @ 800x600 & 256 color depth is 26.4Kbps.
>>
>> As far as VPNs go, I not only do NOT recommend them for securing RDP
>> connection, but believe that unless they are managed IPSec/L2TP VPNs that
>> they are a security risk as you're allowing any garbage or services on the
>> remote computer to directly interact with a corporate network. PPTP VPNs add
>> zero extra security to an RDP Session, as the tunnel is setup with the
>> credentials provided by the end-user, not by PKI based certificates.
>>
>> Secondary authentication (i.e. Safeword or SecureID) is a better way to
>> increase the already solid security of Windows Terminal Server, whether using
>> RDP or ICA protocol.
>>
>> Patrick Rouse
>> Microsoft MVP - Terminal Server
>> http://www.workthin.com
>>
>> "Bill Sanderson" wrote:
>>
>> > Keep talking to Al, but I just want to reiterate that the VPN is not
>> > necessary for RD to work, nor is the VPN needed so that the information
>> > being transmitted is encrypted.
>> >
>> > A VPN connection does make the connection more secure--less susceptable to
>> > certain types of attacks--"man in the middle" attacks.
>> >
>> > You can definitely work without it and many of us do, regularly.
>> >
>> > "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
>> > news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
>> > >I want to remotely control a computer that has Windows XP Pro SP2 on it.
>> > >I'd like to use remote desktop in the simpliest configuration. Can I use RD
>> > >without a VPN connection? Should I be using something other than RD? FYI,
>> > >the client computer is running windows 2000 pro SP4. I've followed the
>> > >directions at
>> > > http://www.microsoft.com/windowsxp/using/mobility/getst...
>> > > But I can't seem to get RD to work.
>> > >
>> > > Daniel
>> > >
>> >
>> >
>> >
Anonymous
October 6, 2004 5:02:53 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

If this is true then the remote desktop client will need to know the correct
router address to connect-to with mstsc, which would be available via
traceroute from the wireless client to any internet host on the second hop,
i.e. Localhost-> Default Gateway -> ISP Router WAN Port.

This is probably not going to happen, as I doubt the ISP will do a one to
one NAT for them so they can forward 3389 to a specific private address.

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com


"Sooner Al" wrote:

> Patrick,
>
> If you read back in the thread the gentleman seems to being trying to reach a PC (in Brazil) that is
> connected to a wireless ISP of some sort. The PC is getting an address in the private range. They
> claim there is no firewall/NAT/router involved at the host site... That is why I suggested, in one
> of my replies, that the folks in Brazil get hold of the ISP to sort this out as far as opening TCP
> Port 3389...
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no rights...
>
> "Patrick Rouse [MVP]" <PatrickRouseMVP@discussions.microsoft.com> wrote in message
> news:99A4041E-EF0A-4C41-8C8C-6349723CAAD4@microsoft.com...
> > 1. Port forwarding is done by you, not your ISP, although I have seen ISPs
> > that block TCP Port 3389 on their routers, in which case you'd have to
> > configure Terminal Server to listen on a different port. If the remote
> > computer can not telnet to port 3389 of the destination computer then Remote
> > Desktop will not work with the default configuration.
> >
> > Screenshot of port forwarding with a Linksys router:
> > http://workthin.com/images/LinksysPortForwarding.JPG
> >
> > 2. The only time you can directly address a Private IP Address is if it's
> > on your network, i.e. not separated by the Public Internet. For a person to
> > allow traffic to their computer from the public internet (when they're behind
> > a NAT firewall) they forward trafic addressed to the firewall's WAN port to
> > their specific private IP Address for the type of traffic they desire, i.e.
> > TPC/UDP Port number. The remote user addresses the Firewall's WAN IP
> > Address, NOT the private IP Address of the destination computer.
> >
> > 3. A class or book on Cisco Routing Fundamentals or Networking Fundamentals
> > would make the IP Addressing a lot clearer.
> >
> > Free online tutorial:
> > http://www.ind.alcatel.com/fundamentals/index2.html?pas...
> >
> > Book:
> > http://www.ciscopress.com/title/1587050676
> >
> >
> > Patrick Rouse
> > Microsoft MVP - Terminal Server
> > http://www.workthin.com
> >
> >
> > "Patrick Rouse [MVP]" wrote:
> >
> >> Can the remote client connect to any Terminal Server on the Public Internet?
> >> This would be the first thing I would verify. If you do a search on Google
> >> for Remote Desktop Web Connection, many public connections are listed (while
> >> admins should probably block robots/spiders from picking these up) which
> >> could be used to test your connectivity. I'm not recommending trying to
> >> logon to any of them, but if you can get to their GINA Logon then you're
> >> connected over port 3389 and know that the remote computer is working
> >> properly.
> >>
> >> Another thing you will have a problem with is a highly latent connection,
> >> regardless of the measured thruput. 20Kbps is barely enough bandwidth to
> >> work over a 800x600 desktop at 256 colors with mediocre performance when
> >> latency is not a problem, but when you add a high latency to the connection
> >> the performance may reach abismal.
> >>
> >> The lowest speed connection I've found to be sufficient for a working RDP
> >> session @ 800x600 & 256 color depth is 26.4Kbps.
> >>
> >> As far as VPNs go, I not only do NOT recommend them for securing RDP
> >> connection, but believe that unless they are managed IPSec/L2TP VPNs that
> >> they are a security risk as you're allowing any garbage or services on the
> >> remote computer to directly interact with a corporate network. PPTP VPNs add
> >> zero extra security to an RDP Session, as the tunnel is setup with the
> >> credentials provided by the end-user, not by PKI based certificates.
> >>
> >> Secondary authentication (i.e. Safeword or SecureID) is a better way to
> >> increase the already solid security of Windows Terminal Server, whether using
> >> RDP or ICA protocol.
> >>
> >> Patrick Rouse
> >> Microsoft MVP - Terminal Server
> >> http://www.workthin.com
> >>
> >> "Bill Sanderson" wrote:
> >>
> >> > Keep talking to Al, but I just want to reiterate that the VPN is not
> >> > necessary for RD to work, nor is the VPN needed so that the information
> >> > being transmitted is encrypted.
> >> >
> >> > A VPN connection does make the connection more secure--less susceptable to
> >> > certain types of attacks--"man in the middle" attacks.
> >> >
> >> > You can definitely work without it and many of us do, regularly.
> >> >
> >> > "Daniel Rascoe" <danielrascoe@hotmail.com> wrote in message
> >> > news:uWcXgOzpEHA.3464@TK2MSFTNGP14.phx.gbl...
> >> > >I want to remotely control a computer that has Windows XP Pro SP2 on it.
> >> > >I'd like to use remote desktop in the simpliest configuration. Can I use RD
> >> > >without a VPN connection? Should I be using something other than RD? FYI,
> >> > >the client computer is running windows 2000 pro SP4. I've followed the
> >> > >directions at
> >> > > http://www.microsoft.com/windowsxp/using/mobility/getst...
> >> > > But I can't seem to get RD to work.
> >> > >
> >> > > Daniel
> >> > >
> >> >
> >> >
> >> >
>
>
!