Forum Discussion

Steph_69890
Feb 19, 2016

RDP and App Tunnel parameters

Hi,

I use App tunnel with webtop in my environment. We launch mstsc.exe with the app tunnel to reach our terminals behind.

Unfortunately, we sometimes face a problem with computers that already have the local service "Microsoft Media Center...", which is mapped to port 3390.

By default, our first tunnel uses port 3390 because, I think, the destination terminals are mapped to 3389. What the current app tunnel does by default: client IP/tunnel port 127.0.0.1:3390 <---> BigIP <-----> terminalserveraddress:3389

My question: is it possible to change the client-side tunnel port used by the Java tunnel? Example: client IP/tunnel port 127.0.0.1:42000 <---> BigIP <-----> terminalserveraddress:3389

We do not use the RDP Java client because we face too many issues with sizing, resizing, and minimizing the window with this kind of client. That's the main reason why we use the native Microsoft Windows MSTSC client.

4 Replies

  • What about if you did this:

    Create a pool under local traffic and put your one terminal server in there on port 3389. Then create a VIP on an arbitrary IP, e.g. 192.168.200.1, running on an arbitrary port, e.g. (as you specified) 42000. In your VIP settings, select your newly created pool. Now you will have a VIP listening on 4200, pointing to your terminal server in the pool running on 3389.

    Client => VIP:192.168.200.1:4200 => Pool:Terminal Server IP:3389

    Then, for your app tunnel, you put the VIP IP address (instead of the real IP address) and choose your port as 4200. Connections will be translated from 4200 to 3389 by the LTM functionality when they hit the BIGIP.

    I just tried it now by setting it up and it worked (except I used the Remote Desktops feature under Application Access instead of an application VPN), but the principle is the same, so it should work fine, I'm guessing (I've not used the Application VPN before, though, so not 100% sure).

    Thanks

    • Steph_69890
      The problem with this solution is that it opens a new port and access for reaching our terminal server. I have to find the best way, for security purposes, to configure it. Unfortunately, that is probably the only way to accomplish what I'm trying to do. That will certainly work! Thanks! Stephane
    • markj_58101
      If you mean you would have to open new rules on your firewalls, this shouldn't be the case; the traffic gets tunneled on your laptop through the VPN. On the LTM side, all port translation happens locally on the BIGIP, so it's mostly transparent. You shouldn't need to make any changes to your infrastructure (other than the ones I mentioned).
  • The best way I found to secure and limit open ports is to implement Remote Desktop Gateway. This function is present with release 11.6.

    This feature also corrects my problem with the presence of Windows Xbox Media (listening on 127.0.0.1:3389) and port changing.