Can’t connect to specific IP address and/or TCP port – can the ISP be blocking it?

ipv4 isp rdp tcp tcpip

I have an RDP user who has successfully been using RDP from his laptop to his workstation in our office when he is at home.
It is configured to use our public IP and port 10378 and had been working fine until about 2 weeks ago, when it just stopped working for him.

  • I've checked this RDP profile (IP:PORT) config from numerous other external IPs and all of them can connect OK
  • I've also got two other RDP users for this office with similar configs but with different ports and neither of those are working for his laptop when he is at home, but they are working from any other external PC I test with
  • From his laptop, I've tried RDP to another server on a different public IP address using standard 3389, and another different public IP using TCP 4321. Both of these connect OK
  • From his wife's laptop on the same home internet connection, I cannot connect to his RDP config or the other two
  • Take his laptop away from home, connect to a different internet connection (even an iPhone personal hotspot at home) and the RDP config works fine

I've checked our firewall's policies and the port forwards are still as they were when it was working fine. The allowed external IPs are still set to 'ANY' and the desktop PC is still listening on the same RDP port I configured months ago.

Can it be that the ISP for his home internet connection is blocking traffic to one specific IP address? Or a few specific TCP Ports?

How can I test and prove this? Or what else could it be?

I tried to ask this on Network Engineering but was shunned for being off-topic, so I'm coming here hoping someone may be able to help…
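One way to gather evidence for the "how can I test and prove this?" question above, as an added example that is not part of the original post: record how each TCP handshake ends from the home line and from another network, then compare the two runs. The addresses are documentation placeholders, and `probe` and `interpret` are hypothetical helper names.

```python
import errno
import socket

def probe(host, port, timeout=5.0):
    """Attempt one TCP handshake and classify how it ended."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # SYN/ACK came back: path and listener both work
    except (socket.timeout, TimeoutError):
        return "timeout"       # no reply at all: packets dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused"       # RST came back: something reachable rejected the SYN
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # no route, or an ICMP unreachable was returned
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

def interpret(home, elsewhere):
    """Compare {target: result} maps recorded on the home line and on another network."""
    findings = {}
    for target, away in elsewhere.items():
        here = home.get(target, "untested")
        if here == away:
            findings[target] = "same result on both networks (%s)" % here
        elif away == "open" and here == "timeout":
            # Cannot say which hop drops it: home router, ISP, or the office edge.
            findings[target] = "dropped silently only from the home line"
        elif away == "open" and here == "refused":
            findings[target] = "reset only from the home line"
        else:
            findings[target] = "differs: home=%s elsewhere=%s" % (here, away)
    return findings

if __name__ == "__main__":
    # Constructed placeholder targets; substitute the office IP and forwarded ports.
    targets = [("203.0.113.10", 10378), ("198.51.100.7", 3389), ("198.51.100.8", 4321)]
    for host, port in targets:
        print("%s:%d %s" % (host, port, probe(host, port)))
```

Run it once on the home connection and once on the hotspot, then check the office firewall's log for the home line's public IP at the same timestamps: if the SYNs never arrive, the drop is upstream of the office.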

Best Answer

Old topic, but I want to warn future readers that presenting RDP directly to the Internet - even on a nonstandard port - is an incredibly bad idea.

Set up a secure VPN from the user’s laptop to a network or to a specific machine in their workplace and run RDP traffic through that encrypted tunnel. This solves the possible issue of RDP traffic being intercepted by the ISP, and it works around possible weaknesses in the RDP protocol security.