setting up remote access to local intranet

on 16.07.2007 16:14:00 by musoswire

Hi everyone, wonder if you could help.

We've got a number of servers at our office. We have RDP which can log in to
the main server, and from there we can access our Intranet (which is on
another server) by visiting http://intranet/.

What I'd like to do is to enable our employees to access the Intranet from
home.

I should be able to do this somehow, what I'm thinking is "user requests
http://ourdomain.com/intranet", server goes "ok, that needs to go to the
intranet server" and forwards the request. I guess we'd need to use something
like port forwarding? Is this possible - how do I set it up?!

Obviously it creates another issue, we'd like it to jump onto an SSL
connection (https://ourdomain.com/intranet). How do I set up a https: server?

Thanks,

Dan

Re: setting up remote access to local intranet

on 17.07.2007 09:38:27 by David Wang

On Jul 16, 7:14 am, musosdev wrote:
> Hi everyone, wonder if you could help.
>
> We've got a number of servers at our office. We have RDP which can log in to
> the main server, and from there we can access our Intranet (which is on
> another server) by visiting http://intranet/.
>
> What I'd like to do is to enable our employees to access the Intranet from
> home.
>
> I should be able to do this somehow, what I'm thinking is "user requests
> http://ourdomain.com/intranet", server goes "ok, that needs to go to the
> intranet server" and forwards the request. I guess we'd need to use something
> like port forwarding? Is this possible - how do I set it up?!
>
> Obviously it creates another issue, we'd like it to jump onto an SSL
> connection (https://ourdomain.com/intranet). How do I set up a https: server?
>
> Thanks,
>
> Dan



I do not fully understand why you RDP to your main server to access
the Intranet from work -- it seems that you should be able to directly
access the Intranet from work from any machine. If you need to RDP to
your main server to access the Intranet, then there is no way for
users to go to http://ourdomain.com/intranet to then RDP to the main
server to access the intranet.


If you want to do port forwarding, you can set up the router
connecting your Intranet to the Internet to do that. No need for the
router to forward to one server just to forward to another server.
Every one of those hops makes things horribly slow to use.

IIS allows such request forwarding but does not come with such an
extension module by default. You will have to purchase one.

Or you can consider running Small Business Server 2003 as that server.
It has an RDP gateway that allows you to access http://ourdomain.com/Intranet
and then RDP to any machine on the Intranet -- like your main server.

Or you can set up VPN and skip the whole port forwarding madness.

Right now, I am very confused on how your network is set up, and I'm
not certain how anyone accesses information on your Intranet. There are
too many redirections / forwarding / protocols involved for something
that should be very easy and straightforward to configure and manage.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

RE: setting up remote access to local intranet

on 17.07.2007 10:47:40 by wjzhang

Hi Dan,

The job cannot be done by IIS itself. You will need a front-end reverse
proxy server to publish the internal sites to external. ISA server is the
dedicated product from Microsoft that addresses your scenario:

External clients <-------- SSL Request/Response ----------> ISA reverse
proxy with public IP addresses (forward request and send response back)
<------- HTTP/HTTPS Traffic ------> Internal IIS web servers

Please refer to:

http://www.microsoft.com/ISAServer/

Thanks.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx .

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

RE: setting up remote access to local intranet

on 18.07.2007 15:04:02 by Allyn

I agree that using the ISA server to publish the sites to external users is
the way to go. I'd also highly encourage you to not expose RDP to the
Internet at large - force users to VPN into your network first. If an account
is ever compromised (it doesn't appear users will be forced to use a secure
channel to log on to your Intranet site, so usernames and passwords could be
captured - I'd also recommend not permitting non-secure http sessions to log
into your web servers) or a flaw is used to create an account and elevate
privileges (can be done with certain IIS or system vulnerabilities even if
you don't have an account on the system), the attacker would have
unrestricted access to your network. As a side note, block outbound TFTP
(UDP/69) in addition to some MS ports (TCP/135,137-139,445; UDP/135,137-139)
as a minimum.

"WenJun Zhang[msft]" wrote:

> Hi Dan,
>
> The job cannot be done by IIS itself. You will need a front-end reverse
> proxy server to publish the internal sites to external. ISA server is the
> dedicated product from Microsoft that addresses your scenario:
>
> External clients <-------- SSL Request/Response ----------> ISA reverse
> proxy with public IP addresses (forward request and send response back)
> <------- HTTP/HTTPS Traffic ------> Internal IIS web servers
>
> Please refer to:
>
> http://www.microsoft.com/ISAServer/
>
> Thanks.
>
> Sincerely,
>
> WenJun Zhang
>
> Microsoft Online Community Support
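
The recommendations in the reply above (no RDP from the Internet without VPN, no plain-HTTP logon, outbound TFTP and the listed MS ports blocked) can be checked mechanically against a perimeter rule set. The Python audit below is an added example, not part of the original thread; the rule format, the zone names (`internet`, `vpn`, `lan`), first-match evaluation and the default actions are assumptions, and both rule sets are constructed.

```python
# Outbound ports the reply says to block "as a minimum".
REQUIRED_OUTBOUND_BLOCKS = {
    "udp": [69, 135, 137, 138, 139],
    "tcp": [135, 137, 138, 139, 445],
}

def decide(rules, direction, proto, port, src, default):
    """Return the action of the first matching rule (first match wins)."""
    for r in rules:
        lo, hi = r["ports"]
        if (r["dir"] == direction and r["proto"] == proto
                and lo <= port <= hi and r["src"] in ("any", src)):
            return r["action"]
    return default

def audit(rules):
    """List deviations from the thread's advice; an empty list means compliant."""
    findings = []
    # Assumed defaults: inbound denied, outbound allowed, unless a rule matches.
    if decide(rules, "in", "tcp", 3389, "internet", "deny") == "allow":
        findings.append("RDP (TCP/3389) reachable from the Internet; require VPN first")
    if decide(rules, "in", "tcp", 80, "internet", "deny") == "allow":
        findings.append("plain HTTP (TCP/80) published; logons should use HTTPS only")
    for proto, ports in REQUIRED_OUTBOUND_BLOCKS.items():
        for port in ports:
            if decide(rules, "out", proto, port, "lan", "allow") != "deny":
                findings.append(f"outbound {proto.upper()}/{port} not blocked")
    return findings

def rule(direction, proto, ports, src, action):
    return {"dir": direction, "proto": proto, "ports": ports, "src": src, "action": action}

# Constructed rule sets: a weak perimeter and one that follows the advice.
BEFORE = [
    rule("in", "tcp", (3389, 3389), "any", "allow"),
    rule("in", "tcp", (80, 80), "any", "allow"),
    rule("out", "tcp", (135, 139), "any", "deny"),
]
AFTER = [
    rule("in", "tcp", (443, 443), "any", "allow"),    # HTTPS to the reverse proxy
    rule("in", "tcp", (3389, 3389), "vpn", "allow"),  # RDP only from the VPN zone
    rule("out", "udp", (69, 69), "any", "deny"),
    rule("out", "tcp", (135, 139), "any", "deny"),
    rule("out", "tcp", (445, 445), "any", "deny"),
    rule("out", "udp", (135, 139), "any", "deny"),
]

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER) or "compliant", sep="\n")
```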