We are equipping a roaming group of RDP users that connect to one Windows Server 2008 Terminal Server from various sites. They move from site to site as a group and when working, they are all at the same site, generally in the same room.

When on site, they will be behind whatever NAT device is installed at that site. These are generally simple common brand firewalls that dont block ports; they just require that the session be initiated from the LAN side of the device.

We are working to develop a configuration that will allow their terminal server sessions to share scan and print devices at their remote site. We are interested in a native Windows solution if possible.

We have been reading about the capabilities of Windows VPN tunnel sharing and I would like feedback on the feasibility of using this scenario:

Obtain a laptop workstation with two CAT5 Ethernet ports running Windows 7 or Windows 8. Plug one port into the on site LAN and receive a local protected address and initiate an IPSec tunnel to a Windows RRAS server through the Internet to the same LAN as the Terminal Server. Enable sharing and routing on that IPSec tunnel.

Connect the other Ethernet port of the laptop workstation to a small switch and configure it with an IP subnet that is unlikely to be encountered anywhere the group goes. Enable DHCP server on the workstation for that subnet if possible. Configure it to be the gateway and send IP traffic from clients on that subnet through the IPSec tunnel to the RRAS server and subnet where the Terminal Server is. Have RDP clients plug into the switch and get their addressing from the Windows 7 or Windows 8 workstation and use the route to the Terminal Server. Plug a network printer or scanner into the same subnet and use it normally from the Terminal Server if the Windows 7 or Windows 8 workstation can act as a generic router.

Before we give it a try in a test environment I would appreciate feedback from anyone who may have information on the feasibility of such a configuration or tips that may help.

Thank you.

Hi,

From your description, I think it is feasible. But you need to set up a RRAS server, which is beyond the bounary of this forum. I suggest you post a new thread at http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverNIS for help.