Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Terminal Services and OWA on Port 443 question

Hi all,

I currently have a 2800 series router with firewall OS which NATs port 443 to my Exchange server (see below).

ip nat inside source static tcp (exchange IP) 443 interface FastEthernet 0/1 443

I would like to evaluate RDP (Terminal Services) for remote access on a Windows 2008 Box however RDP now uses port 443 which means when I connect through the router I get a certificate error as the OWA certificate is returned from the exchange box instead of the terminal services cert from the 2008 box.

I have port 443 open to any host on my external IP as below:

permit tcp any host (external IP) eq 443

Sorry if this is a bit simplistic I don't often work on Cisco equipment..

David

5 REPLIES
Cisco Employee

Re: Terminal Services and OWA on Port 443 question

David,

Not sure I understand.

RDP should be tcp/3389 (AFAIR).

Adding a rule:

---------

ip nat inside source static tcp (rdp_server) 3389  interface FastEthernet 0/1 3389

----------

And an ip access-list entry accordingly should make RDP work.


If for some reason the rdp_server hosts RDP on port 443 you can always "cheat" the system.
--------

ip nat inside source static tcp (rdp_server) 443  interface FastEthernet 0/1 3389

---------

More details appreciated

Marcin

New Member

Re: Terminal Services and OWA on Port 443 question

Thanks for the reply Marcin

Windows 2008 Server now has a TS Gateway which uses port 443, I have used NAT and port 3389 which works fine but this does not allow connection to TS Gateway and therefore the SSL cert.

I have attached my current config, less the IP addresses etc. Would you work around (ip nat inside source static tcp (rdp_server) 443  interface FastEthernet 0/1 3389) solve my problem? Just thought I would ask before I go and change the router config.

Many thanks David

New Member

Re: Terminal Services and OWA on Port 443 question

Thought this picture might explain the new TS Gateway a bit better then me...

Cisco Employee

Re: Terminal Services and OWA on Port 443 question

David,

Not sure if the RDP client is smart enough to do SSL/TLS on standard 3389 port.

I would say it's worth a shot.

Marcin

New Member

Re: Terminal Services and OWA on Port 443 question

Hi Marcin,

Unfortunately that didn't work, I still get the certificate name mismatch as the exchange cert is presented instead of the TS Gateway Cert.

(ip nat inside source static tcp +(rdp_server)+ 443  interface FastEthernet 0/1 3389)

I think it's the NAT rule below which is screwing things up..

ip nat inside source static tcp (Exchange IP) 443 interface FastEthernet0/1 443

The above is only for OWA I think, I may have to look at changing the port for this rather than a rule on the firewall.

Any other suggestions would be appreciated though as I would rather have one port open (443) than have to open another for the TS Gateway.

David

592
Views
0
Helpful
5
Replies