RDP does not work over SSL VPN

Any firewall rules which could deny this service from vpn to lan? Maybe a rule without logging ;-) If the server is in the lan?

Maybe show us which rules allow RDP.

Best

Alex

Hi Janssens,

PM me the remote access support code and I will look into the configurations.

Thanks

Sent the PM. THanks!

I found the problem thanks to Sachin Gurun: it wasn't on the Sophos side - that's why I couldn't find anything in the log files. It was a GPO that only allowed RDP from specific subnets and the SSP VPN Pool subnet was not part of that.

Hi All,

In such events, always look at the tcpdump captures to understand the packet communication between the two endpoints. In this example, the UTM was forwarding the SYN request from the VPN connected client but the Server didn't respond with an ACK packet.

11:25:19.168707  In ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

11:25:19.168932 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

11:25:22.087104  In ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

11:25:22.087215 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

11:25:28.323570  In ethertype IPv4 (0x0800), length 64: 10.242.2.3.49868 > 172.29.9.1.3389: Flags , seq 3435107371, win 8192, options [mss 1350,nop,nop,sackOK], length 0

11:25:28.323678 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 64: 10.242.2.3.49868 > 172.29.9.1.3389: Flags , seq 3435107371, win 8192, options [mss 1350,nop,nop,sackOK], length 0

Hope that helps someone.