Remote Desktop Gateway: How to set local addresses range

    Question

  • Hi All,

    I'm using RDS 2012 to share some applications.

    I'm using a RD Gateway to let internet clients use the published applications.

    Today I'm facing a problem that I want to share with the community, and I'm sure it's a good topic.

    I want only internet clients to use the RD Gateway server, so I decided to check the option "Bypass the Gateway for local addresses".

    The question is how the mechanism detects that it's in a local range or in an internet range.

    The problem came up after some users in a branch office (connected to the main office via MPLS, not internet) reported some performance issues to me. After I checked, I found that they are redirected via the gateway. That is not my aim; I want only internet clients to be redirected via the Gateway.

    The solution is: Is there any configuration file in the RDS server where I can configure and let the RDS server know the range and the source addresses that I want to be considered as local?


    Regards, Samir Farhat Infrastructure Consultant

    Friday, March 08, 2013 11:09 AM

Answers

All replies

  • You may want to configure Network Resource on RD Gateway. This how-to may help.

    How to configure Network Resource in RD Gateway - Step by step with screenshots


    Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on

    http://www.ChicagoTech.net

    How to Setup Windows, Network, VPN & Remote Access on

    http://www.howtonetworking.com

    Friday, March 08, 2013 8:15 PM
  • Hi Bob,

    Thanks for the response but I think you misunderstood my issue.

    Your response is right for setting which network resources the gateway is authorized to route traffic to.

    But my aim is to fix (I think in the RDSH or the Broker) which addresses have to be considered as local when connecting via the RDWeb.

    I don't want my branch office clients to be considered as WAN clients.


    Regards, Samir Farhat Infrastructure Consultant

    Saturday, March 09, 2013 7:21 PM
  • Hi Samir,

    There are no settings to change the behaviour of the "Bypass the gateway for local addresses" checkbox.

    What it should better be called is "Bypass RD gateway for addresses that this machine can reach".

    That means the following (as in my example screenshots):

    • The RD client first tries to reach mst-rd01.mst.lab with RDP on port 3389.

    That means that the client must be able to resolve the internal DNS name of the server (in my case mst-rd01.mst.lab), and that there are no firewalls blocking TCP/3389.

    (I've confirmed this process with Wireshark :-))

    • If the above process does not work, the RD client connects through the RD gateway.

    See the following blog posts for more info on the topic:

    http://fixmyitsystem.com/2011/11/how-to-configure-connect-from-anywhere.html

    http://www.windowsitpro.com/article/terminal-server-and-services/bypass-gateway-server-144793


    MCT | MCSE: Private Cloud/Server, Desktop Infrastructure


    Sunday, March 10, 2013 10:10 AM
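
The two conditions described in the reply above (the client resolves the internal name, and TCP/3389 is not blocked) can be checked from a branch-office client. This is an added example, not part of the original thread and not Microsoft's client logic; the function name `Test-RdpDirectPath` and the 3-second timeout are assumptions, and the hostname is the one from the reply.

```powershell
# Added diagnostic sketch, not Microsoft's client logic: it repeats the two
# checks described above (internal name resolution, then TCP/3389).
function Test-RdpDirectPath {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port = 3389,
        [int]$TimeoutMs = 3000   # assumed timeout, adjust for slow WAN links
    )
    $result = [pscustomobject]@{
        ComputerName  = $ComputerName
        Addresses     = @()
        TcpReachable  = $false
        ExpectedRoute = 'RD Gateway'
        Reason        = ''
    }
    # Check 1: the client must resolve the internal DNS name.
    try {
        $result.Addresses = @([System.Net.Dns]::GetHostAddresses($ComputerName) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        $result.Reason = "DNS resolution failed: $($_.Exception.Message)"
        return $result
    }

    # Check 2: TCP/3389 must not be blocked between client and session host.
    foreach ($address in $result.Addresses) {
        $ip = [System.Net.IPAddress]::Parse($address)
        $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
        try {
            $pending = $client.BeginConnect($ip, $Port, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected) {
                $client.EndConnect($pending)
                $result.TcpReachable  = $true
                $result.ExpectedRoute = 'Direct (gateway bypassed)'
                $result.Reason        = "TCP/$Port open on $address"
                return $result
            }
        } catch {
            # Refused or unreachable: try the next resolved address.
        } finally {
            $client.Close()
        }
    }
    $result.Reason = "Name resolves, but TCP/$Port is not reachable"
    return $result
}

# Hostname taken from the reply above; run from a branch-office client.
Test-RdpDirectPath -ComputerName 'mst-rd01.mst.lab' | Format-List
```

The `Reason` field separates a DNS failure from a blocked port, the two causes the reply names for a session going through the gateway.
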
  • Thanks Johan,

    I did try this but with no luck; the RD session is always redirected to the Gateway. But I suspect the DNS resolution, as the site was encountering DNS issues a few days ago. I will check when I go back to the office and confirm your proposition.

    Thanks


    Regards, Samir Farhat Infrastructure Consultant

    Sunday, March 10, 2013 10:53 AM
  • Can I assume only users in a branch office have this issue but not internal users? If yes, can I assume the branch office IP address range is different from the internal user IP address range? For example, in our main office the IP range is 10.0.0.0/16 and the branch office IP range is 172.168.10.0/24.


    Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on

    http://www.ChicagoTech.net

    How to Setup Windows, Network, VPN & Remote Access on

    http://www.howtonetworking.com

    Sunday, March 10, 2013 3:01 PM