# Solved: Correct setup of DIR-615 router configuration for RDC



## eddie32818 (Oct 29, 2004)

I apologize if I posted this in the wrong section.

I have been trying to achieve a Remote Desktop Connection with my office PC (Host -- Win XP Pro service pack 3) with my wireless laptop (Client -- Win XP Home) at my house.

The RDC works at my office in the LAN, when I have my laptop connected in the office network. However, from my home's LAN, I cannot access the Host over the Internet (WAN). 

I have tried to open port 3389 for the RDC in the PortForwarding section on my Office's D-Link DIR-615 router setup and did the same for my home's belkin 54G router at home, under Virtual Server, in that setup.

Has anyone had this type of problem with Microsoft Remote Desktop?


----------



## JohnWill (Oct 19, 2002)

The port only has to be opened at the receiving end, nothing needs to be done to the connecting computer's router.

That's all that you should have to do, are you SURE you have the right IP address for the office LAN?


----------



## eddie32818 (Oct 29, 2004)

Thanks for pointing that out to me.

I used whatismyip.com and got the correct "external" ip -- was this I hope, correct? 

I really don't see how this interferred with the connection, having the port open at the client end as well as open at the Host PC. Does it cause the port to get locked (in the client -- at my houset)?

I appreciate your help, especially since I have been reading many tutorials on this since last week (I have tried looking at this from many different perspectives I am optimistic I will arrive at a solution, hopefully soon)


----------



## JohnWill (Oct 19, 2002)

Well, that port didn't interfere, it just wasn't necessary. 

Don't know what is going on there, can you ping the external IP at the remote site? The site you mention will only get you an IP address at your local site, not the remote site. One way of mapping the remote site IP address is using DynDNS and running their client on the remote site. This will give you a static URL that will always map to their dynamic IP address.


----------



## eddie32818 (Oct 29, 2004)

Hello JohnWill,

Thanks for taking the time to help me. I tried pinging the Host (or office PC) from the Client PC (or Remote PC -- my home) several times, but they all timed out.

I ran whatismyip.com on my Host machine and at my Client machine, just to see the if the thing was working. (I also thought that info is verified by accessing the Routers at both locations -- as I could see it matched.)

Please correct me if I am wrong, but I thought sites such as DYNDns where used to convert the external IP into a "name" and would automatically take into account any changes in the external IP to facilitate an "easy" connection with the "name" chosen in their client software. (thus eliminating the need to run whatismyip every so often to see if the external IP has changed)

One other thing I forgot to add -- at the office, I made a "static IP" for the Host PC through the DIR-615 router setup. The office PC connects fine to Internet and LAN, but the Remote (my home) PC cannot access it. I also unistalled NIS2009 (will get it reinstalled after I finish troubleshooting) on both the Client and Host PC's Both are using Windows firewall and both have RDC enabled. 

Unfortunately, I have also gotten the same results when I tried using Remote Desktop Web Connection (RDWC), as well, which was installed in my Office PC (Host). Again the Cilent (my laptop) can connect to the Host in the LAN at the Office, but not from the same Remote PC (Client/my laptop) over the Internet from my home. I needed to point out that the successful connections in the office LAN are achieved by using the assigned (local -- 192.168.x.xx) IP or by the computer name, and not the external IP (assigned by ISP) that I obtained from the Router's setup menu.

It seems RDC or RDWC only works in LAN. Am I not understanding something?


----------



## TerryNet (Mar 23, 2005)

The inability to ping the office router from home may be because WAN Ping (see p. 34 of DIR-615 manual) is set to block those pings. Or maybe you are using the wrong public IP address, but from what you describe you seem to have that well under control.

What exactly is happening when you try RDC from home--what error message?

Maybe show us a screen shot of the Port Forwarding on the DIR-615?

Uh, one other thing. Exactly what brand and model is the office modem? Sometimes the modem turns out to be a modem/router combo, which needs port forwarding.


----------



## eddie32818 (Oct 29, 2004)

TerryNet said:


> The inability to ping the office router from home may be because WAN Ping (see p. 34 of DIR-615 manual) is set to block those pings. Or maybe you are using the wrong public IP address, but from what you describe you seem to have that well under control..


I don't have the manual handy -- I will try to find a PDF version at Dlink site and check if WAN ping is enabled.



TerryNet said:


> What exactly is happening when you try RDC from home--what error message?


I get the error message at my laptop with Remote Desktop Connection (at home):

This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator."

I get the error message at my laptop with Remote Desktop Web Connection (at home):

"Internet Explorer cannot display the webpage...."



TerryNet said:


> Maybe show us a screen shot of the Port Forwarding on the DIR-615?


It looks like this from PortForwarding.com site:

http://portforward.com/english/routers/port_forwarding/Dlink/DIR-615/Remote_Desktop.htm

I have the IP entered correctly for the office PC, in the correct field (blank in the screenshot).



TerryNet said:


> Uh, one other thing. Exactly what brand and model is the office modem? Sometimes the modem turns out to be a modem/router combo, which needs port forwarding.


Now that you bring this up, I wonder if the DSL modem is in Bridged-mode or not. I am not at the office and I don't remember the model of the DSL modem.

The office network used to be like this:

Internet --> DSL modem --> 24-port switch --> 20 office PC's
--> Dir-615 wireless router (running off 24-port switch)

Then when I wanted to make a static IP for my office PC with the DIR-615, so I did this:

Internet --> Dir-615 wireless router --> DSL modem --> 24-port switch --> 20 office PC's

I think I might have jumped the gun, here...

Please tell me if I should put it back the way the network was, so that I can try to telnet into the DSL modem/reouter/combo (I have not done this in a very long time - don't remember the login info) and if I should try to enable portforwarding and WAN ping from the modem/router/combo.

Or if I should put the modem/router/combo in Bridged-Mode and keep the DIR-615 direclty connected to it. (I have a feeling you are right, that the DSL modem might already be in Router-Mode and not in Bridged-Mode.)


----------



## TerryNet (Mar 23, 2005)

> Internet --> DSL modem --> 24-port switch --> 20 office PC's


This implies that "Internet" is a phone cable; and either the DSL modem is a modem/router combo or else you are getting at least 20 public IPs from your ISP.



> Internet --> Dir-615 wireless router --> DSL modem --> 24-port switch --> 20 office PC's


This implies that "Internet" is an ethernet cable coming from a modem; and that the DSL modem is a modem/router combo configured and used as a switch.

I'm sorry, but I don't understand your network enough to make any suggestions at this time. Until now I (and John, I'm sure) assumed that you had

Simple DSL or cable modem -> DIR-615 router -> computers (possibly with additional switch).


----------



## JohnWill (Oct 19, 2002)

Well, you can't connect through that DIR-615 then through the DSL "modem", which I'm almost sure it a modem/router easily. You have two NAT layers. Are you connecting wirelessly to the computer you want to remote desktop into?

What's the exact make/model of that DSL "modem"?

Can you supply a network diagram of how all this connects and where the machine you want to connect to is logically?


----------



## eddie32818 (Oct 29, 2004)

TerryNet,

I am sorry that I was not clear. When I mentioned "Internet" in the office layouts, I acutally meant an Internet Connection with the outside world, coming into the building from our ISP via telephone line. Also, I apologize for making an error in the altered layout. In both layouts, the DSL modem is First.


Original office network layout:

Internet (from ISP via telephone line) --> DSL modem --> 24-port switch --> 20 office PC's 
--> Dir-615 wireless router (running off 24-port switch)


Altered office network layout (corrected my mistake):

Internet (from ISP via telephone line) --> DSL modem --> Dir-615 wireless router --> 24-port switch --> 20 office PC's 

Sorry about that mixup.


----------



## JohnWill (Oct 19, 2002)

What is the EXACT make and model of the DSL modem? I'm suspecting this is the problem, we just need some details.


----------



## TerryNet (Mar 23, 2005)

> In both layouts, the DSL modem is First.


Glad of that; I was really confused! 

We'll await your DSL modem info on your next visit to the office.


----------



## eddie32818 (Oct 29, 2004)

QUOTE:
Well, you can't connect through that DIR-615 then through the DSL "modem", which I'm almost sure it a modem/router easily. You have two NAT layers. Are you connecting wirelessly to the computer you want to remote desktop into?

What's the exact make/model of that DSL "modem"?

Can you supply a network diagram of how all this connects and where the machine you want to connect to is logically? 
[QUOTE/]

Yes, I was trying to use my laptop on home's wireless network to access the Host PC at the office (Host PC is not connected wirelessly -- but connected throught ethernet (LAN).)

*I will post back when I get a chance to go to the office and check the make/model of the modem. I think it was an Zxyel something (very small package - 4x4x2), issued by Embarq.*

As for the question relating to Diagram of office network:

Original office network layout:

Internet (from ISP via telephone line) --> DSL modem --> 24-port switch --> 20 office PC's 
--> Dir-615 wireless router (running off 24-port switch)

Altered office network layout (corrected my mistake from original post):

Internet (from ISP via telephone line) --> DSL modem --> Dir-615 wireless router --> 24-port switch --> 20 office PC's


----------



## eddie32818 (Oct 29, 2004)

Good morning Terry, John,

The DSL modem in the office is an EQ-660R ADSL Router by Embarq. (I thought it was a ZyXel)

I am wondering if it will be easier to revert back to placing the wireless router (DIR-615) back to the original office network layout (attached to the 24-port switch) and configure it for WAP. It is probably better this way -- so that we could have minimal signal interferrence because we could easily locate an ethernet jack to plug it in anywhere in the building for optimal performance of the wireless router. (right now all of the office network devices are in an "Electric Room" located at the far side of the building.

If I revert back to the original network layout, then would it just be just the matter of enabling of Port Forwarding on the EQ-660R and leave it functioning in "Router-mode" and at the same time, this would also eliminate the Double NAT conflict, that exists in my altered office network layout?

I look forward to your advice.

Eddie


----------



## TerryNet (Mar 23, 2005)

Yes, yes, and yes.  Using the D-Link as wireless access point only and the Embarq as the only router is probably your best bet. Hopefully the port forwarding on that will go smoothly and you will soon report access from home.


----------



## JohnWill (Oct 19, 2002)

Works for me as well.


----------



## eddie32818 (Oct 29, 2004)

TerryNet said:


> Yes, yes, and yes.  Using the D-Link as wireless access point only and the Embarq as the only router is probably your best bet. Hopefully the port forwarding on that will go smoothly and you will soon report access from home.


Well I was able to configure the Dir-615 in Wireless Access Point and also to set my port-forwarding in the EQ-660 router. For the port-forwarding, I am trying to use 2 ports: 3389 and another one I specified in the xx,xxxx range, which the Host is set to listen, as configured in IIS services in the Host machine.

I beleive I have correctly configured for static IP in the Host machince via TCP/IP properties and thus eleminating automatic configurations of IP and DNS server. Curious -- I noted that the Default Gateway, DHCP server, and DNS server were all the same when checked IPCongig /all. I expected the DNS and DHCP servers to be different. Maybe the correct info is displayed in my 660 or maybe I need to call my ISP for this info. The host is still connecting to the Internet fine, with no problems.

Unfortunately, I still cannot get connected! (I think I for forgot to power-cycle the EQ-660 router to make sure the new settings "take" before I left the office -- wife called me to go meet up at the "Sweet Tomatoes" and I got sidetracked I guess  )

Also, do you think I have to create Trust rules for my "client's external IP" in NIS 2009 in order to get a Remote Desktop Connection? Or am I fine with making sure that Remote Desktop program (mstsc.exe) is added and is set to AUTO in NIS2009 program trust control?

Still hoping to get this fixed -- and I am grateful for all your help.

Ed


----------



## JohnWill (Oct 19, 2002)

I suspect that you will indeed have to alter the NIS 2009 configuration. My advice is to disable it totally for a test, then enable it after you get it working. 

As far as trusting anything Norton, I'm afraid they've burned up that trust with a number of their previous versions, it'll take a while before I trust them again.


----------



## eddie32818 (Oct 29, 2004)

Hello John,

Thanks for the suggestion. I will try disabling NIS2009 smart firewall when I get back in the office to test the RDC. 

Ed


----------



## eddie32818 (Oct 29, 2004)

No luck after disabling NIS2009 and power-cycling the router. (Enabled Windows Firewall with "no exceptions" unticked and made sure that RDC and RDWC are checked)

Port checker tool from portforward.com says "cannot open port" for UDP/3389 and UDP/XX,XXXX. Then it reports "Some other application has it locked..." for TCP/3389 and TCP/XX,XXXX.

Could there be another step that I forgot in the Port Forwarding of Router setup? Maybe NAT rules?


----------



## JohnWill (Oct 19, 2002)

That sounds like that port is forwarded to a different IP address than your computer.


----------



## eddie32818 (Oct 29, 2004)

I will double check this - I am pretty sure it is the Host's IP assigned by the EQ-660 over the LAN .

Maybe I'm losing my mind over this, but does it need to be the external IP that gets the port forwarding in that router/modem/combo?


----------



## TerryNet (Mar 23, 2005)

> but does it need to be the external IP that gets the port forwarding in that router/modem/combo?


No. A message comes into the router on port 3389 from the outside world (your home in this case). The router cannot handle it. To where should it be forwarded? Answer--the (private, LAN) IP address of a computer that is ready to deal with it.


----------



## JohnWill (Oct 19, 2002)

I can't believe the router will even let you enter a public IP address in the port forwarding tables!


----------



## eddie32818 (Oct 29, 2004)

JohnWill said:


> I can't believe the router will even let you enter a public IP address in the port forwarding tables!


Here is what I see by way of screenshots from portforward.com:

http://portforward.com/english/routers/port_forwarding/ZyXEL/EQ-660R/Remote_Desktop.htm

In the screenshot the IP information field is blank, but I assumed that you were supposed to enter a valid local IP on the LAN. Yes, it allows me to enter the LAN IP of the Host machine at the office. Do you think it would be OK to have port 3389 open And port xx,xxxx open for the same Host's IP? Because I have the Host machine "listening" to port xx,xxx for the Remote Web Connection and I have been trying both RDC and the RDWC with the IP(external):XX,XXXX and Http://IP(external):XX,XXXX/tsweb/ respectively for the two different connection methods trying to logon from my home to my office.

Maybe I've been trying to do to many things at once...Perhaps I should start over and rethink what the heck I've been trying to do. 

I have been trying to follow this guide for RDWC:

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx?pf=true

And this guide for RDC:

http://www.jakeludington.com/ask_jake/20051122_how_to_use_remote_desktop_connection_rdc.html

Thank you for having some patience with me and I'd really appreciate it you could let me know If these procedures are sound. Later, I think I will definately have to deal with the security side of these connections, but one thing at time.


----------



## JohnWill (Oct 19, 2002)

The guide looks fine to me, that should work.


----------



## eddie32818 (Oct 29, 2004)

Hello again,

Sorry I haven't been able to report back. 

After much tinkering, I had found out that our accountant had installed a "plug-in" with QuickBooks Premier called "Quickbooks Remote Access" that allowed users to login to the PC remotely. While he has no problems logging in remotely and has full control of the desktop, I could never get Microsoft's Remote Desktop to work. Perhaps the plugin (WebEx) has closed ports in order to prevent harmful intrusion into the PC, as it should be.

Please mark this thread closed and Happy Holidays to all.

Ed


----------



## JohnWill (Oct 19, 2002)

Hard to know what it was stepping on, thanks for the feedback. 

*You can mark your own threads solved using the







button at the top of the first page of the thread in the upper left corner.©*


----------

