Port Forwarding an RDP with Windows 10 Pro


#1

I am pretty sure that the problem I am experiencing is not related to my company’s Peplink Balance 20 but after many days of searching, I have given up and I am hoping someone on this forum might be able to point me to a source of information that helps.

I have a Balance 20 connected to a single internet connection (no balancing currently) and an NAT address configuration of 192.168.1.X.

I have 3 PCs running Windows 10 Pro with RDP enabled on the default port of 3389 (do not want to change these because I do not want to mess with new Windows security, and to be quite honest, I should not have to.)

The 3 PCs have static IP addresses 192.168.1.[250,251,252].

Within the LAN, I can RDP from any machine to either of the other 2 machines: 250->251, 250->252, 251->250, 251->252, 252->250, 252->251 all check out.

I have 3 inbound TCP port forwarding rules enabled on the Balance 20 for ports 3389, 13389 and 23389, pointing to 251, 250 and 252 respectively - the first is a single port 3389->3389 (which I would like to get rid of, in favor of another port mapped one) and the other 2 are port maps to internal port 3389 on the respective machines (i.e., 23389 port maps to 192.168.1.252:3389).

In the case of one of the machines, the port mapping works perfectly (i.e., RDP to router internet address @ port 23389 takes me to 192.168.1.252:3389) but the other two do not work with port mapping.

Additionally, the other 2 machines work with single port mapping (i.e., if I map inbound port 3389 to 250:3389, OR inbound port 3389 to 251:3389, I can set up external RDP sessions.)

I have checked firewall rules and Windows Defender on all 3 machines and they are identical.

So far I have compared the registry entries for Terminal Services on the machine that allows port mapped connections and one of the machines that does not and they are identical.

Does anyone have any other suggestions on where to look?

Thanks.

D
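
An added example, not part of the original post: one way to make the "firewall rules are identical" comparison reproducible is to capture the settings that govern inbound RDP on each PC and diff the results. The function name `Get-RdpInboundSnapshot` and the output file name are hypothetical, and the script assumes an elevated PowerShell session on each machine.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on each PC; Get-RdpInboundSnapshot is a hypothetical helper name.
function Get-RdpInboundSnapshot {
    # Port the RDP listener is configured for (3389 unless changed).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

    # Addresses actually listening on that port right now.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalAddress | Sort-Object -Unique

    # Network category (Public/Private/DomainAuthenticated) selects the firewall profile.
    $categories = Get-NetConnectionProfile |
        ForEach-Object { '{0}={1}' -f $_.InterfaceAlias, $_.NetworkCategory } | Sort-Object

    # Enabled inbound allow rules whose TCP local port list names the RDP port,
    # with the profile and remote-address scope each one applies to.
    # Port ranges such as "3380-3390" are not expanded by this simple match.
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
        Sort-Object Name |
        ForEach-Object {
            $scope = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = "$($_.Profile)"
                RemoteAddress = @($scope.RemoteAddress) -join ','
            }
        }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        RdpPort       = $port
        Listening     = @($listeners)
        NetworkTypes  = @($categories)
        FirewallRules = @($rules)
    }
}

# Save one file per machine, then diff the files side by side.
Get-RdpInboundSnapshot | ConvertTo-Json -Depth 4 |
    Set-Content -Path ".\rdp-snapshot-$env:COMPUTERNAME.json"
```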


#2

Instead of setting up port forwarding and exposing RDP ports to the internet, try setting up the PPTP server on the Balance 20. It is very easy to configure. Windows even has a PPTP VPN client installed by default.

Connect the VPN and you will be able to RDP just as you normally would on the LAN, but with the VPN providing a secure tunnel across the internet. As a nice bonus, you won’t have to maintain separate RDP profiles on your computer for each remote machine (one for port-mapped external access and one for “normal” internal access): you will always use port 3389.


#3

As louisbohn was saying, that is an alternative (we also have L2TP now as well!).

I would check the FW again in the Balance if you're using it. Leave source port open and define destination IP/Port (if using Balance as FW).

Otherwise we may need to take a closer look at your config if you wanted to open a support ticket with us:
https://contact.peplink.com/secure/create-support-ticket.html


#4

Thanks. That helps a lot.