Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10464
Views
0
Helpful
8
Replies

RDP without VPN

JasonNYC
Level 1
Level 1

‎04-04-2018 04:18 AM

We currently use DUO for our RDP connections, directly and without VPN (Port open on firewall). Have never had an issue.

We purposefully don’t want VPN because we don’t need network level access and we don’t want people’s potentially infected remote computers on our networks. Then there’s the added inconvenience of managing muti-platform VPN clients and potentially additional credentials.

However, most traditional IT people suggest that adding VPN would be safer.
It’s definitely an extra layer but given the issues I mention above, the minuses seem to outweigh the pluses.
How are people doing this? Anyone care to comment?

Labels:
0 Helpful
8 Replies 8

DuoKristina
Cisco Employee
Cisco Employee

‎04-09-2018 12:49 PM

MS RD Gateway was made for this. It accepts the incoming RDP connection over HTTPS/443 instead of the regular RDP TCP/UDP port(s) 3389, so incoming client traffic is encrypted.

Duo, not DUO.
0 Helpful

Jeal168
Level 1
Level 1

‎04-09-2018 02:54 PM

I used it too without vpn however I do used below setup to add additional security:

  1. change rdp default port from 3389 to something else
  2. enable OS firewall and only allow connections from certain range of IP to limit exposure
  3. use live account to login that is mapped to a local account
  4. I use automated script to block IPs from unknown connection attempts if any or even if it just an attempted port scan

Good Luck!

0 Helpful

asy
Level 1
Level 1
In response to Jeal168

‎05-17-2018 06:59 AM

Hello - we’re also using Duo with RDP.

I ran into some problems when changing the rdp port on a Windows 7 machine. All went as expected until the call to Duo was supposed to happen. It never did and the attempted session hung. RDP on 3389 works fine with Duo. Did you run into anything like that? Any hints?

Thanks!

0 Helpful

PatrickKnight
Level 1
Level 1
In response to asy

‎05-17-2018 12:36 PM

I’d take a peak at your firewall settings. I know the Microsoft OS firewall does not update the RDP port when it is changed in the registry.

0 Helpful

asy
Level 1
Level 1
In response to PatrickKnight

‎05-17-2018 12:59 PM

Thank you so much for responding. Yes - I have definitely made that mistake in the past but didn’t this time. I sniffed the traffic and found all the back and forth doing fine - but all stopped just after the mouse click that should have had the host make a call to Duo.

The DNS call to find Duo never gets made nor is there further traffic.

But, since it sounds like others are doing this just fine, there must be something I’m doing wrong in my setup.

0 Helpful

PatrickKnight
Level 1
Level 1
In response to asy

‎05-17-2018 01:05 PM

You can try enabling debug logs for advanced troubleshooting.

0 Helpful

asy
Level 1
Level 1
In response to PatrickKnight

‎05-17-2018 01:16 PM

Once again, thank you. I will go read up on that.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents