Terminal Services and OWA on Port 443 question

Unanswered Question
May 25th, 2010

Hi all,

I currently have a 2800 series router with firewall OS which NATs port 443 to my Exchange server (see below).

ip nat inside source static tcp (exchange IP) 443 interface FastEthernet 0/1 443

I would like to evaluate RDP (Terminal Services) for remote access on a Windows 2008 box; however, RDP now uses port 443, which means that when I connect through the router I get a certificate error, as the OWA certificate is returned from the Exchange box instead of the Terminal Services cert from the 2008 box.

I have port 443 open to any host on my external IP as below:

permit tcp any host (external IP) eq 443

Sorry if this is a bit simplistic; I don't often work on Cisco equipment.

David

Marcin Latosiewicz Tue, 05/25/2010 - 05:12

David,

Not sure I understand.

RDP should be tcp/3389 (AFAIR).

Adding a rule:

---------

ip nat inside source static tcp (rdp_server) 3389 interface FastEthernet 0/1 3389

----------

And an ip access-list entry accordingly should make RDP work.


If for some reason the rdp_server hosts RDP on port 443 you can always "cheat" the system.
--------

ip nat inside source static tcp (rdp_server) 443 interface FastEthernet 0/1 3389

---------

More details appreciated

Marcin

david-allan Tue, 05/25/2010 - 06:18

Thanks for the reply, Marcin.

Windows 2008 Server now has a TS Gateway, which uses port 443. I have used NAT and port 3389, which works fine, but this does not allow connection to the TS Gateway and therefore the SSL cert.

I have attached my current config, less the IP addresses etc. Would your workaround (ip nat inside source static tcp (rdp_server) 443 interface FastEthernet 0/1 3389) solve my problem? Just thought I would ask before I go and change the router config.

Many thanks, David

Marcin Latosiewicz Tue, 05/25/2010 - 07:13

David,

Not sure if the RDP client is smart enough to do SSL/TLS on the standard 3389 port.

I would say it's worth a shot.

Marcin

david-allan Wed, 05/26/2010 - 00:50

Hi Marcin,

Unfortunately that didn't work; I still get the certificate name mismatch, as the Exchange cert is presented instead of the TS Gateway cert.

ip nat inside source static tcp (rdp_server) 443 interface FastEthernet 0/1 3389

I think it's the NAT rule below which is screwing things up.

ip nat inside source static tcp (Exchange IP) 443 interface FastEthernet0/1 443

The above is only for OWA, I think; I may have to look at changing the port for this rather than a rule on the firewall.

Any other suggestions would be appreciated, though, as I would rather have one port open (443) than have to open another for the TS Gateway.

David
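As an added example (not from the thread or from David's attached config), here is a small Python check that parses the `ip nat inside source static tcp` lines of an IOS config and flags two inside hosts mapped to the same outside interface and port, which is the clash behind the certificate mismatch above. The inside addresses in the sample config are constructed placeholders.

```python
import re
from collections import defaultdict

# Matches the IOS static PAT form used in the thread:
#   ip nat inside source static tcp <inside-ip> <inside-port> interface <ifname> <outside-port>
# Both "FastEthernet 0/1" and "FastEthernet0/1" appear in the thread, so a
# space between the interface type and its slot/port is tolerated.
NAT_RE = re.compile(
    r"^\s*ip nat inside source static (?P<proto>tcp|udp)\s+"
    r"(?P<inside_ip>\S+)\s+(?P<inside_port>\d+)\s+"
    r"interface\s+(?P<iface>[A-Za-z]+\s?\d+(?:/\d+)*)\s+(?P<outside_port>\d+)\s*$"
)

# Constructed sample: 10.0.0.10 stands in for the Exchange server and
# 10.0.0.20 for the TS Gateway; neither address comes from the thread.
SAMPLE_CONFIG = """
ip nat inside source static tcp 10.0.0.10 443 interface FastEthernet 0/1 443
ip nat inside source static tcp 10.0.0.20 443 interface FastEthernet 0/1 443
ip nat inside source static tcp 10.0.0.20 443 interface FastEthernet 0/1 3389
"""

def parse_static_nat(config_text):
    """Return one dict per static PAT line; unrelated lines are skipped."""
    entries = []
    for line in config_text.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue
        entries.append({
            "proto": m["proto"],
            "inside_ip": m["inside_ip"],
            "inside_port": int(m["inside_port"]),
            "iface": m["iface"].replace(" ", ""),  # normalise "FastEthernet 0/1"
            "outside_port": int(m["outside_port"]),
        })
    return entries

def find_port_conflicts(entries):
    """Group by (proto, outside iface, outside port); keep groups that point
    at more than one inside socket. Static PAT dispatches on port only, so
    such a group cannot serve both hosts no matter which cert each has."""
    by_key = defaultdict(list)
    for e in entries:
        by_key[(e["proto"], e["iface"], e["outside_port"])].append(e)
    return {k: v for k, v in by_key.items()
            if len({(e["inside_ip"], e["inside_port"]) for e in v}) > 1}

if __name__ == "__main__":
    for key, group in find_port_conflicts(parse_static_nat(SAMPLE_CONFIG)).items():
        print(key, "->", [(e["inside_ip"], e["inside_port"]) for e in group])
```

The third sample line (outside 3389 to inside 443) is Marcin's suggested mapping and is reported as clean, since it uses a distinct outside port.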
