How to configure RDG behind NAT

This week’s problem was getting a Remote Desktop Gateway (RDG) located behind a NAT to work. Here are the lessons learned:

  • Issue an SSL certificate whose subject matches the public DNS name (FQDN)
  • Use the default port 3389/TCP; otherwise the SSL certificate’s name won’t match the FQDN, and the client returns an error:

    The computer can’t verify the identity of the RD Gateway.

    or, if you put it into the current user’s Trusted Root Certification Authorities store:

    Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match.

  • Publish HTTPS port 443/TCP on the firewall, i.e. make it available from outside. Otherwise the connection won’t be established, and the client returns another meaningless error:

    Your computer can’t connect to the remote computer because the RDG server is temporarily unavailable.
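A way to check the result from outside the NAT, as an added example that is not from the original post: it connects to the gateway's public name on 443/TCP and reports whether the port is unreachable, the issuer is untrusted, or the certificate name does not match, which is the same order in which the errors above show up. The status strings and function names are this example's own; the numeric values are OpenSSL's certificate verify codes.

```python
import socket
import ssl

# OpenSSL X509 verify codes, grouped by the RD client symptom they correspond to.
UNTRUSTED = {18, 19, 20, 21}   # self-signed, or issuer missing from the trust store
NAME_MISMATCH = {62}           # X509_V_ERR_HOSTNAME_MISMATCH


def classify(verify_code):
    """Map an OpenSSL verify code to one of the failure modes listed in the post."""
    if verify_code in NAME_MISMATCH:
        return "name-mismatch"      # certificate subject/SAN differs from the FQDN
    if verify_code in UNTRUSTED:
        return "untrusted-issuer"   # "can't verify the identity of the RD Gateway"
    return "other-cert-error"       # expired, revoked, and so on


def check_gateway(fqdn, port=443, timeout=5.0):
    """Return (status, detail) for the gateway as seen from outside the NAT."""
    ctx = ssl.create_default_context()  # checks the chain first, then the hostname
    try:
        sock = socket.create_connection((fqdn, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)  # 443/TCP is not published on the firewall
    with sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
                cert = tls.getpeercert()
        except ssl.SSLCertVerificationError as exc:
            return classify(exc.verify_code), exc.verify_message
        except ssl.SSLError as exc:
            return "tls-error", str(exc)
    # Handshake succeeded: list the DNS names the certificate is valid for.
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return "ok", ", ".join(names)


if __name__ == "__main__":
    import sys
    # Usage: python check_rdg.py <public FQDN of the gateway>
    for host in sys.argv[1:]:
        print(host, *check_gateway(host))
```

Because the chain is validated before the hostname, an untrusted issuer hides a name mismatch until the root is trusted, so rerun the check after fixing the first error.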

That’s all, folks!
