Accessing my work computer remotely

Hi,

Several of our office employees have their computers set up for remote access. This was set up by an outside contractor. My computer was left out (for whatever reason) and I am taking a go at configuring remote desktop for my computer.

1. I assigned a static IP address and a dedicated port number ( ex. 3398 ) for my computer
2. On my client computer, in the registry, I change the remote desktop access port to match the dedicated port number ( 3398 ) I assigned for my computer
3. I enabled Remote Desktop inbound rules in Windows Firewall
4. I created a new inbound rule for remote desktop and assigned the port number ( 3398 )
5. Under the remote tab, in System Properties I have the following enabled (checked) — "Allow Remote Assistance connections to this computer" and "Allow connections from computers running any version of Remote Desktop (less secure)

I tested the remote connection using a laptop internally ( static ip address:3398 ) and it works. I then used the same laptop outside the office using the external ip address:3398 and was unable to connect. I know I have the correct external ip address as I helped installed an employee remote desktop on her MacBook and it works from outside the office. Please note: that this employee's Remote Access Port was already configured by an outside contractor.

I sense that I am almost there. It seems that I need to set an external setting on my desktop to connect from outside the office or something similar. If anyone knows a solution, I will be gladly appreciated.

Cheers.

iSec,

Thanks for following up on this.

"Is there a router in the equation?" - I am not sure.  This is not my area of expertise.

"Is this machine is sitting in the same office as the rest of the employees who are able to connect remotely" - Yes

Here are descriptive steps I went through when setting myself up.

When I log into our firewall control, I added my static ip address to the list of assigned ip addresses in the "Trust" zone that contains the static ip address followed by a "/32" as that is how all the computers were previously set up.

Next, I created a service base on how the others were set up: Transport protocal  - TC; proving the value zero in the low and 65535 as the high value in the Source port and an unused port number as the low and high values for the Destination port.

I then created a new "From Trust" to "To Untrust" policy and assigned the source address to the assigned ip address account I created and the destination address to the service I created.

Next I added my account to the list in the "From Untrust to Trust policy.  There is only one that was set up where the service contains all the Trust to Untrust policies (set to multiple).

One observation I made was I am unable to update a service (of another employee) where remote desktop working. I get the message "Service can't be modified" whereas I don't get that message if I modify my own service.  It seems that the services are linked somewhere other than the destination service for the policy.

Sorry for the long winding descriptive,  but I hope it help provide some insight from one who is not familiar with this process.  Not anywhere I was configuring the router itself ( I am assuming) and since I created my account based on previous records, but with a different port number - I believe I have set it up correctly, but it can't be since I am unable connect outside the office .  Where I am confuse is why I don't get a "Service can't be modified" for my service once I have assign it to my policy.

Hope this may help you understand what is happening.  I am also thinking that the problem could be at the computer end.  I confirmed that the port number in my registry matches the port number I have assigned myself.  I guess you knew that since I can connect "remotely" within the office.

Cheers

iSec,

I do have a router as the default gateway begins with 192 - Why wouldn't there be if other employees are able to connect?

Why do you need the first portion of it?  How will that help you? I am using the same IP address with a different port number as those who are already set up with Remote Access.

I am using windows firewall and Windows 7.

One thing I have noticed I am receiving a "Service: can't be modified" message when trying to change a destination port for those who are able to connect from outside the office and I don't receive the message when changing my ports.  Seems as if there is a link not in place for mine and I cannot figure out why. I am not sure if that will help, but it is the only part I have noticed with my settings is different (on the server side) to those who are able to connect.

Any insight would be appreciated.

ISec,

After taking a break from this task, thus my delay response, I figured it out.  There was another setting in the control panel that I previously missed.

Thanks for you input.