
RemoteDesktop


Use Remote Desktop Web Connection with NAT-enabled firewalls

It's a common misconception that Windows Server 2003's Remote Desktop Web Connection (RDWC) eliminates the need to configure port forwarding to access computers behind a NAT-enabled firewall. You still need to forward HTTP traffic to the computer, along with the port assigned for the client connection. If you need to access multiple computers behind a firewall, the best solution is to use a VPN client to connect to the network. Using a VPN client, you can connect to any RDWC server using the default ports 80 and 3389 because NAT is no longer an issue.

If you do need to make RDWC work through NAT, you can certainly do so. For example, assume you have a main server to which you've already forwarded ports 80 and 3389, enabling you to access that server from the Internet for RDWC. You add another server and also want to access it through RDWC from the Internet. You must use different ports for HTTP and the client connection on this second server, so let's assume you're going to use 8081 for HTTP and 4115 for the client connection. That means port mapping these two ports in the firewall to the target computer.

In addition, you also need to configure the target computer's Web site to respond to the port you've chosen for HTTP. Open the properties for the Web site, click the Web Site tab, and click Advanced. Click Add, and add an identity that includes the specified port. You don't need to specify a host header name. As long as you've forwarded the appropriate port to the computer for the incoming HTTP traffic, you'll be able to hit the server's Web page. Just specify the URL in the following form: http://public IP:port or http://hostname:port, such as http://206.16.0.29:8081 or http://www.whatever.com:8081.

Next, configure two settings on the server to enable it to listen on the appropriate port for the client connection. First, determine the location of the Tsweb virtual directory.

Open the IIS console, right-click the Tsweb virtual directory, and note the path in the Local Path field on the Virtual Directory tab. Open the Default.htm file in that target directory in Notepad or another Web editor.

Search for the group of lines that start with the following:

MsRdpClient.AdvancedSettings2

After the last of these lines, add the following new line, using port 4115 for this example:

MsRdpClient.AdvancedSettings2.RDPPort = 4115

After you save the file, open the Registry Editor, and navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.

Edit the PortNumber value to correspond to the target port, which in this example is 4115. Then, close the Registry Editor.

At this point, your server should be accessible from the outside. Point Internet Explorer to http://public server:8081. Assuming you've configured NAT properly, you should see the RDWC connection page.

In the Server field, enter the same public IP address or fully qualified host name you use for the server portion of the URL, and click Connect. (Don't include the connection port number.) The combination of port forwarding and the changes you made to Default.htm and the registry should cause the client connection to succeed.

Note: Editing the registry is risky, so be sure you have a verified backup before making any changes.
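
A read-only check of the three settings changed above, as an added example that is not part of the original article: it compares the registry PortNumber, the RDPPort line in Default.htm, and the host's TCP listeners against the chosen port. The function name and the Default.htm path are assumptions; substitute the Local Path you noted in the IIS console.

```powershell
# Added example, not from the article. Run in PowerShell on the RDWC server.
function Test-RdwcPortConfig {
    param(
        [int]$ExpectedPort = 4115,   # client-connection port from the article's example
        # Assumed path: replace with the Local Path noted on the Virtual Directory tab.
        [string]$DefaultHtm = 'C:\WINDOWS\Web\TSWeb\Default.htm'
    )
    $issues = @()

    # 1. Port the RDP listener is configured for (a DWORD, returned as an integer).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $regPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    if ($regPort -ne $ExpectedPort) {
        $issues += "Registry PortNumber is $regPort, expected $ExpectedPort."
        # The Registry Editor's DWORD dialog defaults to hexadecimal, so typing
        # the decimal digits without switching the base stores a different port.
        if ($regPort -eq [Convert]::ToInt32("$ExpectedPort", 16)) {
            $issues += "PortNumber matches '$ExpectedPort' read as hexadecimal."
        }
    }

    # 2. Port the web client is told to use. Anchoring at line start skips lines
    #    where the setting is preceded by other text, such as a comment marker.
    $pattern = '^\s*MsRdpClient\.AdvancedSettings2\.RDPPort\s*=\s*(\d+)'
    $hits = @(Select-String -Path $DefaultHtm -Pattern $pattern)
    if ($hits.Count -eq 0) {
        $issues += "No active RDPPort line found in $DefaultHtm."
    }
    foreach ($hit in $hits) {
        $pagePort = [int]$hit.Matches[0].Groups[1].Value
        if ($pagePort -ne $ExpectedPort) {
            $issues += "Default.htm line $($hit.LineNumber) sets RDPPort to $pagePort."
        }
    }

    # 3. Whether a TCP listener exists on the port (netstat ships with Windows).
    $listening = netstat -an | Select-String -Pattern ":$ExpectedPort\s+.*LISTENING"
    if (-not $listening) {
        $issues += "Nothing is listening on TCP port $ExpectedPort on this host."
    }

    if ($issues.Count -eq 0) {
        "OK: registry, Default.htm and listener all use port $ExpectedPort."
    } else {
        $issues
    }
}

Test-RdwcPortConfig -ExpectedPort 4115
```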

Page last modified on January 10, 2005, at 08:23 AM