DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Routing Port Over IPSec

03 Nov 2012 14:26 #74015 by thekingster
Routing Port Over IPSec was created by thekingster
Hi

I have an IPSec setup between 2 offices and all of our clients' servers are restricted to our main office IP address for RDP. I want my workers in the sub office to connect down the IPSec tunnel when using port 3389 RDP rather than out the office default gateway. I have tried a few things but to no avail.

Can anyone provide any pointers?

Thanks
Dave

17 Nov 2012 00:31 #74233 by thekingster
Replied by thekingster on topic Re: Routing Port Over IPSec
Nobody??? Surely an easy one?

19 Nov 2012 15:33 #74267 by jedi98
Replied by jedi98 on topic Re: Routing Port Over IPSec
Not as easy as you might think.

From what you say I guess that you are doing: -
Code:
                                                /-          -\
Sub-office                                     /              \
RDP User (public ip:3389) --(lan)--> Router --<                >--> Router --(lan)--> RDP Service
                                               \              /
                                                \-(internet)-/

And what you are trying to do is:-
Code:
                                                /----IPSEC---\
Sub-office                                     /              \
RDP User (public ip:3389) --(lan)--> Router --<                >--> Router --(lan)--> RDP Service
                                               \              /
                                                \-          -/

Trouble is I don't think that you can because you cannot redirect addresses in>>out and you cannot redirect across vpn (AFAIK).

Can you not get the client users at the sub office to use private ip:3389 (e.g. 192.168.1.13:3389) instead of public ip:3389? Or internal DNS name if you have internal DNS?

20 Nov 2012 19:01 #74286 by asimm.it
Replied by asimm.it on topic Re: Routing Port Over IPSec
Only way it can work is as jedi has outlined.

Any traffic for the remote lan will route down the vpn tunnel if you use the private lan ip addresses from remote desktop.

I would assume that this is what is happening anyway if you are connecting to more than one PC on the remote network, that is unless you have multiple public ip addresses and port forwarding mapping to individual PCs on port 3389.
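
The routing behaviour described in the replies above, as an added example that is not part of the original thread: a simplified model of destination-based, longest-prefix route selection, showing why the same port 3389 connection leaves via the internet for a public address and via the tunnel for a private one. The subnets, the public address 203.0.113.10, the route labels and the function name are assumptions; only 192.168.1.13 comes from the thread.

```python
import ipaddress

# Constructed route table for the sub-office router (assumed addressing plan).
# Each entry: (destination prefix, where matching traffic is sent).
ROUTES = [
    ("0.0.0.0/0", "WAN (default gateway)"),
    ("192.168.2.0/24", "LAN (sub office)"),
    ("192.168.1.0/24", "IPSec tunnel to main office"),
]


def next_hop(dst_ip, dst_port=3389, routes=ROUTES):
    """Pick the route by longest-prefix match on the destination address.

    dst_port is accepted but deliberately unused: in this model the
    destination port plays no part in choosing the path.
    """
    addr = ipaddress.ip_address(dst_ip)
    matches = []
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, via))
    if not matches:
        raise LookupError(f"no route to {dst_ip}")
    # The most specific (longest) matching prefix wins.
    return max(matches)[1]


if __name__ == "__main__":
    # Constructed test destinations: a documentation-range public address
    # standing in for the main office, and the private address from the thread.
    for dst in ("203.0.113.10", "192.168.1.13"):
        print(f"{dst}:3389 -> {next_hop(dst)}")
```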
