Re: RDP thru RRAS basic firewall
- From: Scooty <scootyjthompson@xxxxxxxxx>
- Date: Thu, 24 Jan 2008 16:36:03 -0800 (PST)
On Jan 24, 10:50 pm, "Jeff Vandervoort" <jeffv @ jrvsystems dot com>
wrote:
Remove the RDP filters?? Well...if I remove the filters, it DEFINITELY won't
work. To be secure, RRAS VPNs require the "Drop all packets except"
setting, with specific packet filters for VPN ports & protocols. So that's
not what I'm doing wrong, for sure.
Anyone else know what I'm doing wrong?
--
Jeff Vandervoort
JRVsystems http://www.jrvsystems.com
"Scooty" <scootyjthomp...@xxxxxxxxx> wrote in message
news:216dd25e-d818-4b81-ae9a-555edbd80096@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jan 24, 3:58 am, "Jeff Vandervoort" <jeffv @ jrvsystems dot com>
wrote:
We have a site-to-site VPN through WS2003 R2 SP2 RRAS. Basic Firewall & the
standard VPN packet filters are in place.
The VPN is working, but I'd like to have RDP available through the RRAS
server to another machine inside the LAN for emergency use in case RRAS
can't connect for some reason. I'm having trouble configuring the firewall
and packet filters.
I can make an RDP connection to the admin machine from the internal network,
so that's working.
External NIC is in a perimeter network behind a NAT router, but it's in the
DMZ so the NAT router isn't dropping the packets.
In RRAS, here is what I have right now for RDP:
External NIC Inbound Filters--
Drop all except:
Source Address: Any, Source Mask: Any
Destination Address: <external IP>, Destination Mask: 255.255.255.255
Protocol: TCP, Source Port: Any, Destination Port: 3389
External NIC Outbound Filters:
Drop all except:
Source Address: <external IP>, Source Mask: 255.255.255.255
Destination Address: Any, Destination Mask: Any
Protocol: TCP (established), Source port: 3389, Destination port: Any
No packet filters on internal NIC.
On "NAT/Basic Firewall" tab, "Basic firewall only" is selected. On "Services
and Ports" tab, Remote Desktop is turned on, and Private Address is set to
the internal, static IP of the admin computer.
When I try to connect, I get this message:
[Window Title]
Remote Desktop Disconnected
[Content]
This computer can't connect to the remote computer.
Try connecting again. If the problem continues, contact the owner of the
remote computer or your network administrator.
[OK] [Help]
When I enable "Log additional RRAS information" and try connecting, I don't
see anything telling me about dropped packets.
What am I doing wrong?
--
Jeff Vandervoort
JRVsystems http://www.jrvsystems.com
No simple answer but I would try by removing the filters first, may
open you up, but at least it will prove if this is the problem
If that works add them back one at a time
Scott
The only way you can prove if it's the filters is to maybe try and set
the inbound destination port to any and the outbound source port to any.
I know it opens you up, but we are talking 5 minutes to prove that it
is not your filters that are causing the issues.
From what you describe, everything else sounds correct.
Other than that, use netstat -an on the systems to see what ports and
addresses are in use and being mapped.
Only trying to help!!!