Allowing multiple users to connect to multiple desktops

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I configured and got remote access to work for connecting myself to my office
computer. I conigured our router to forward port 3389 to my office's
internal IP address. Question being, how do I let others at my office do
the same. Do I forward port 3389 to their IP address at the same time? That
doesn't seem right to me. Or should I forward different port numbers to
their respective IP's? If so, what port numbers? Does it make a difference
which ports? Pleaes advise.
9 answers Last reply
More about allowing multiple users connect multiple desktops
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    There are various strategies available...Not in any particular order...

    * You could setup a VPN and tunnel all of your RDP requests through that.

    http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx
    http://www.onecomputerguy.com/networking/xp_vpn_server.htm
    http://www.onecomputerguy.com/networking/xp_vpn.htm

    Do you run any type of server on your network now?

    An alternative to the above is to use a VPN end-point router and have your
    remote clients connect to that. Here are some examples of those...

    http://www.zyxel.com/product/category1.php?indexcate1=1085450410&indexFlagvalue=1021873683
    http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C1%26cid%3D1117775454480&pagename=Linksys%2FCommon%2FVisitorWrapper

    * Open multiple ports on the firewall to the different machines...

    http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html

    * Use a SSH tunnel to access multiple machines through one hole in the
    firewall, ie. TCP Port 22...I use this to access my home LAN...In my case I
    use a 2048-bit RSA private/public key pair for authentication...

    http://sshwindows.sourceforge.net/
    http://www.bitvise.com/tunnelier.html

    How I did that with PuTTY...

    http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html

    * Use this SSL-VPN solution...This is very easy to setup and use...

    http://3sp.com/showSslExplorer.do
    http://www.broadbandreports.com/forum/remark,13775231

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual
    benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...


    "FWS" <FWS@discussions.microsoft.com> wrote in message
    news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
    >I configured and got remote access to work for connecting myself to my
    >office
    > computer. I conigured our router to forward port 3389 to my office's
    > internal IP address. Question being, how do I let others at my office do
    > the same. Do I forward port 3389 to their IP address at the same time?
    > That
    > doesn't seem right to me. Or should I forward different port numbers to
    > their respective IP's? If so, what port numbers? Does it make a
    > difference
    > which ports? Pleaes advise.
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Thank you for the reply.

    We use a pier-to-pier network for our small company. No server per se.

    We have a netgear router. The link you send about opening other ports was
    based on a linksys router and it references "Redirected Port" and "Listening
    Port". On the Netgear, it has "Start Port" and "End Port" in the port
    forwarding configuration. Are those the same?

    FWS

    "Sooner Al [MVP]" wrote:

    > There are various strategies available...Not in any particular order...
    >
    > * You could setup a VPN and tunnel all of your RDP requests through that.
    >
    > http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx
    > http://www.onecomputerguy.com/networking/xp_vpn_server.htm
    > http://www.onecomputerguy.com/networking/xp_vpn.htm
    >
    > Do you run any type of server on your network now?
    >
    > An alternative to the above is to use a VPN end-point router and have your
    > remote clients connect to that. Here are some examples of those...
    >
    > http://www.zyxel.com/product/category1.php?indexcate1=1085450410&indexFlagvalue=1021873683
    > http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C1%26cid%3D1117775454480&pagename=Linksys%2FCommon%2FVisitorWrapper
    >
    > * Open multiple ports on the firewall to the different machines...
    >
    > http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html
    >
    > * Use a SSH tunnel to access multiple machines through one hole in the
    > firewall, ie. TCP Port 22...I use this to access my home LAN...In my case I
    > use a 2048-bit RSA private/public key pair for authentication...
    >
    > http://sshwindows.sourceforge.net/
    > http://www.bitvise.com/tunnelier.html
    >
    > How I did that with PuTTY...
    >
    > http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
    >
    > * Use this SSL-VPN solution...This is very easy to setup and use...
    >
    > http://3sp.com/showSslExplorer.do
    > http://www.broadbandreports.com/forum/remark,13775231
    >
    > --
    >
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual
    > benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights...
    >
    >
    > "FWS" <FWS@discussions.microsoft.com> wrote in message
    > news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
    > >I configured and got remote access to work for connecting myself to my
    > >office
    > > computer. I conigured our router to forward port 3389 to my office's
    > > internal IP address. Question being, how do I let others at my office do
    > > the same. Do I forward port 3389 to their IP address at the same time?
    > > That
    > > doesn't seem right to me. Or should I forward different port numbers to
    > > their respective IP's? If so, what port numbers? Does it make a
    > > difference
    > > which ports? Pleaes advise.
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Also, since we aren't running a server, can we create the VPN without any
    additional equipment/software? Just create the connection like the second
    link shows? Once you establish the VPN connection, you then create the
    Remote Desktop connection? Using the local IP address since you're alaready
    connected? Does using the VPN connection still require forwarding port 3389?

    Thanks for your help.

    FWS

    "Sooner Al [MVP]" wrote:

    > There are various strategies available...Not in any particular order...
    >
    > * You could setup a VPN and tunnel all of your RDP requests through that.
    >
    > http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx
    > http://www.onecomputerguy.com/networking/xp_vpn_server.htm
    > http://www.onecomputerguy.com/networking/xp_vpn.htm
    >
    > Do you run any type of server on your network now?
    >
    > An alternative to the above is to use a VPN end-point router and have your
    > remote clients connect to that. Here are some examples of those...
    >
    > http://www.zyxel.com/product/category1.php?indexcate1=1085450410&indexFlagvalue=1021873683
    > http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C1%26cid%3D1117775454480&pagename=Linksys%2FCommon%2FVisitorWrapper
    >
    > * Open multiple ports on the firewall to the different machines...
    >
    > http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html
    >
    > * Use a SSH tunnel to access multiple machines through one hole in the
    > firewall, ie. TCP Port 22...I use this to access my home LAN...In my case I
    > use a 2048-bit RSA private/public key pair for authentication...
    >
    > http://sshwindows.sourceforge.net/
    > http://www.bitvise.com/tunnelier.html
    >
    > How I did that with PuTTY...
    >
    > http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
    >
    > * Use this SSL-VPN solution...This is very easy to setup and use...
    >
    > http://3sp.com/showSslExplorer.do
    > http://www.broadbandreports.com/forum/remark,13775231
    >
    > --
    >
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual
    > benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights...
    >
    >
    > "FWS" <FWS@discussions.microsoft.com> wrote in message
    > news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
    > >I configured and got remote access to work for connecting myself to my
    > >office
    > > computer. I conigured our router to forward port 3389 to my office's
    > > internal IP address. Question being, how do I let others at my office do
    > > the same. Do I forward port 3389 to their IP address at the same time?
    > > That
    > > doesn't seem right to me. Or should I forward different port numbers to
    > > their respective IP's? If so, what port numbers? Does it make a
    > > difference
    > > which ports? Pleaes advise.
    >
    >
    >
  4. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    The downside with the XP PPTP VPN server is that you can only have one
    incoming connection at a time. That's why I like either the SSH or SSL-VPN
    solution if your not going to run a W2003 VPN server.

    In the case of SSH you only need TCP Port 22 open. All incoming connections
    go through that and each user can access her/his PC via the SSH tunnel. The
    same with the SSL-VPN solution. In that case you only need TCP Port 443 open
    to the server PC.

    You would not need TCP Port 3389 open if you use either SSH, the SSL-VPN or
    a W2003 VPN solution. All traffic goes through the tunnel...

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual
    benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...


    "FWS" <FWS@discussions.microsoft.com> wrote in message
    news:CEC73D21-C385-4C02-A69F-5459438F55AF@microsoft.com...
    > Also, since we aren't running a server, can we create the VPN without any
    > additional equipment/software? Just create the connection like the second
    > link shows? Once you establish the VPN connection, you then create the
    > Remote Desktop connection? Using the local IP address since you're
    > alaready
    > connected? Does using the VPN connection still require forwarding port
    > 3389?
    >
    > Thanks for your help.
    >
    > FWS
    >
    > "Sooner Al [MVP]" wrote:
    >
    >> There are various strategies available...Not in any particular order...
    >>
    >> * You could setup a VPN and tunnel all of your RDP requests through that.
    >>
    >> http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx
    >> http://www.onecomputerguy.com/networking/xp_vpn_server.htm
    >> http://www.onecomputerguy.com/networking/xp_vpn.htm
    >>
    >> Do you run any type of server on your network now?
    >>
    >> An alternative to the above is to use a VPN end-point router and have
    >> your
    >> remote clients connect to that. Here are some examples of those...
    >>
    >> http://www.zyxel.com/product/category1.php?indexcate1=1085450410&indexFlagvalue=1021873683
    >> http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C1%26cid%3D1117775454480&pagename=Linksys%2FCommon%2FVisitorWrapper
    >>
    >> * Open multiple ports on the firewall to the different machines...
    >>
    >> http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html
    >>
    >> * Use a SSH tunnel to access multiple machines through one hole in the
    >> firewall, ie. TCP Port 22...I use this to access my home LAN...In my case
    >> I
    >> use a 2048-bit RSA private/public key pair for authentication...
    >>
    >> http://sshwindows.sourceforge.net/
    >> http://www.bitvise.com/tunnelier.html
    >>
    >> How I did that with PuTTY...
    >>
    >> http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
    >>
    >> * Use this SSL-VPN solution...This is very easy to setup and use...
    >>
    >> http://3sp.com/showSslExplorer.do
    >> http://www.broadbandreports.com/forum/remark,13775231
    >>
    >> --
    >>
    >> Al Jarvi (MS-MVP Windows Networking)
    >>
    >> Please post *ALL* questions and replies to the news group for the mutual
    >> benefit of all of us...
    >> The MS-MVP Program - http://mvp.support.microsoft.com
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights...
    >>
    >>
    >> "FWS" <FWS@discussions.microsoft.com> wrote in message
    >> news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
    >> >I configured and got remote access to work for connecting myself to my
    >> >office
    >> > computer. I conigured our router to forward port 3389 to my office's
    >> > internal IP address. Question being, how do I let others at my office
    >> > do
    >> > the same. Do I forward port 3389 to their IP address at the same time?
    >> > That
    >> > doesn't seem right to me. Or should I forward different port numbers
    >> > to
    >> > their respective IP's? If so, what port numbers? Does it make a
    >> > difference
    >> > which ports? Pleaes advise.
    >>
    >>
    >>
  5. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    FWS <FWS@discussions.microsoft.com> wrote:

    > We have a netgear router. The link you send about opening other
    > ports was based on a linksys router and it references "Redirected
    > Port" and "Listening Port". On the Netgear, it has "Start Port" and
    > "End Port" in the port forwarding configuration. Are those the same?

    No. "Start Port" and "End Port" refer to the numbers at the start and end of
    a range of redirected ports. In your case, you will wish to redirect only
    one port per local PC, so the start and end port numbers will be the same.

    --
    Robin Walker [MVP Networking]
    rdhw@cam.ac.uk
  6. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Then I what do I do with the "redirected port" and "listening port"....I
    don't see those entries in my Netgear configurations........ Please advise.

    FWS

    "Robin Walker [MVP]" wrote:

    > FWS <FWS@discussions.microsoft.com> wrote:
    >
    > > We have a netgear router. The link you send about opening other
    > > ports was based on a linksys router and it references "Redirected
    > > Port" and "Listening Port". On the Netgear, it has "Start Port" and
    > > "End Port" in the port forwarding configuration. Are those the same?
    >
    > No. "Start Port" and "End Port" refer to the numbers at the start and end of
    > a range of redirected ports. In your case, you will wish to redirect only
    > one port per local PC, so the start and end port numbers will be the same.
    >
    > --
    > Robin Walker [MVP Networking]
    > rdhw@cam.ac.uk
    >
    >
    >
  7. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    If your router does not support port redirection you can use the second
    method described where you change the listening port on each PC to something
    other than the default. Then setup your router as described.

    Or...use the SSH or SSL-VPN method...

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual
    benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...


    "FWS" <FWS@discussions.microsoft.com> wrote in message
    news:2654F276-5B9B-4EAB-BFC8-DA3C98380D04@microsoft.com...
    > Then I what do I do with the "redirected port" and "listening port"....I
    > don't see those entries in my Netgear configurations........ Please
    > advise.
    >
    > FWS
    >
    > "Robin Walker [MVP]" wrote:
    >
    >> FWS <FWS@discussions.microsoft.com> wrote:
    >>
    >> > We have a netgear router. The link you send about opening other
    >> > ports was based on a linksys router and it references "Redirected
    >> > Port" and "Listening Port". On the Netgear, it has "Start Port" and
    >> > "End Port" in the port forwarding configuration. Are those the same?
    >>
    >> No. "Start Port" and "End Port" refer to the numbers at the start and end
    >> of
    >> a range of redirected ports. In your case, you will wish to redirect
    >> only
    >> one port per local PC, so the start and end port numbers will be the
    >> same.
    >>
    >> --
    >> Robin Walker [MVP Networking]
    >> rdhw@cam.ac.uk
    >>
    >>
    >>
  8. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    FWS <FWS@discussions.microsoft.com> wrote:

    > Then I what do I do with the "redirected port" and "listening
    > port"....I don't see those entries in my Netgear
    > configurations........

    Consult your Netgear manual. Doing port translation might or might not be
    supported. For instance, it is not supported on the normal Linksys
    configuration. With Linksys, it is only supported on UPnP port-forwarding.

    --
    Robin Walker [MVP Networking]
    rdhw@cam.ac.uk
  9. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    FWS,

    The really, really simple answer to your question is:

    1. forward TCPIP from router to your PCs as follows:
    3389 to pc 1
    3390 to pc 2
    3391 to pc 3
    All at the router level

    2. Then I use XP's advanced firewall settings to change the UPnP routing on
    each client to tell it that 339x is 3389 on the machine. Note: if your
    router supports UPnP, then step 1 is redundant.
    3. And then I make sure 3389 is allowed on the firewall of each PC


    Then each person can log in using the standard client with the following
    convention:
    your routers wan ip address:33xx

    I use this all the time in a small office environment. But I use a
    different block of ports so as to avoid hacker curiosity.

    If you are just trying to allow yourself access to multiple machines (rather
    than many:many), you can try this:
    1. set up remote adminstration of your router to an obscure port
    2. set up 3389 to forward to a target PC
    3. log in to router first, enable the forward
    4. log into remote PC
    5. When finished, log back into router and turn off the forward
    With this method, you don't have to add a bunch of funky forwards to the
    router, nor funky upnp forwards. Works for me.


    "FWS" wrote:

    > Also, since we aren't running a server, can we create the VPN without any
    > additional equipment/software? Just create the connection like the second
    > link shows? Once you establish the VPN connection, you then create the
    > Remote Desktop connection? Using the local IP address since you're alaready
    > connected? Does using the VPN connection still require forwarding port 3389?
    >
    > Thanks for your help.
    >
    > FWS
    >
    > "Sooner Al [MVP]" wrote:
    >
    > > There are various strategies available...Not in any particular order...
    > >
    > > * You could setup a VPN and tunnel all of your RDP requests through that.
    > >
    > > http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx
    > > http://www.onecomputerguy.com/networking/xp_vpn_server.htm
    > > http://www.onecomputerguy.com/networking/xp_vpn.htm
    > >
    > > Do you run any type of server on your network now?
    > >
    > > An alternative to the above is to use a VPN end-point router and have your
    > > remote clients connect to that. Here are some examples of those...
    > >
    > > http://www.zyxel.com/product/category1.php?indexcate1=1085450410&indexFlagvalue=1021873683
    > > http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C1%26cid%3D1117775454480&pagename=Linksys%2FCommon%2FVisitorWrapper
    > >
    > > * Open multiple ports on the firewall to the different machines...
    > >
    > > http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html
    > >
    > > * Use a SSH tunnel to access multiple machines through one hole in the
    > > firewall, ie. TCP Port 22...I use this to access my home LAN...In my case I
    > > use a 2048-bit RSA private/public key pair for authentication...
    > >
    > > http://sshwindows.sourceforge.net/
    > > http://www.bitvise.com/tunnelier.html
    > >
    > > How I did that with PuTTY...
    > >
    > > http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html
    > >
    > > * Use this SSL-VPN solution...This is very easy to setup and use...
    > >
    > > http://3sp.com/showSslExplorer.do
    > > http://www.broadbandreports.com/forum/remark,13775231
    > >
    > > --
    > >
    > > Al Jarvi (MS-MVP Windows Networking)
    > >
    > > Please post *ALL* questions and replies to the news group for the mutual
    > > benefit of all of us...
    > > The MS-MVP Program - http://mvp.support.microsoft.com
    > > This posting is provided "AS IS" with no warranties, and confers no
    > > rights...
    > >
    > >
    > > "FWS" <FWS@discussions.microsoft.com> wrote in message
    > > news:1EB5BC0C-CAE8-420A-8B00-BECDA6043278@microsoft.com...
    > > >I configured and got remote access to work for connecting myself to my
    > > >office
    > > > computer. I conigured our router to forward port 3389 to my office's
    > > > internal IP address. Question being, how do I let others at my office do
    > > > the same. Do I forward port 3389 to their IP address at the same time?
    > > > That
    > > > doesn't seem right to me. Or should I forward different port numbers to
    > > > their respective IP's? If so, what port numbers? Does it make a
    > > > difference
    > > > which ports? Pleaes advise.
    > >
    > >
    > >
Ask a new question

Read More

Office Windows XP