Has anyone got XP remote desktop to work on a PC behind the firewall? I did everything per knowledge base article # 168179 but still doesn't work. Thanks
I run Microsoft's Remote Desktop Client every day. I use it to access my office PC from home, and also to access my home PC from the office. Both my home and my office have ASG 6.1 firewalls. Both firewalls have packet filter settings that allow just about all outbound traffic.
If you have set up a DNAT for port 3389 to your desktop, and a packet filter rule that reflects the same... and it still doesn't work... check the IPS rules.. you'll probably find false hits on 2 or 3 rules that specifically have to do w/ RDP.. just disable those rules. It's a pretty common problem.
Yep... easy.. just sort the list of main categories by clicking the row header for hits... then click the folder icon to drill down and look thru the rules that have collected hits.. you're looking for rules that have anything to do w/ RDP (it'll be part of the description of the rule).. just disable the offending ones.
Post your applicable DNAT rule and Packet filter rule... there's a mistake there somewhere... make sure the default gateway on the subject PC is the Astaro.
Rules 1447 and 4060 in the IPS should be disabled or allowed. To find them, simply click the filters button in the top right of the rules page, and enter the string "RDP" in the substring blank.. and click Apply... it should list 4 rules total, 2 of which are RDP rules.
I've run across an interesting observation. With IPS enabled on both machines on each end of an IPSec VPN tunnel, and with "any-any" packet filter rules set up, so that all traffic can flow freely back & forth between each subnet across the IPSec VPN, Remote Desktop will not. Something in IPSec on the outgoing side keeps that traffic from reaching the other side.
For example, I'm on a machine (192.168.2.xxx) and am trying to RD into a machine on 192.168.1.xxx. The ASG on 2.xxx stops the RD traffic if IPS is enabled. Yet, I filtered the IPS rules and the above mentioned RDP rules have NO HITS detected. I went ahead & disabled them & still no dice.
This is strange because the 'any-any' packet filter I've been using for over two years has worked just fine with all types of services, including RDP. That was until IPS was enabled.
I was able to get everything working with IPS by adding the RDP-specific packet filter entries as mentioned above. However, should I have really needed to add these? Other services like MS File & Printer sharing for example, work fine thru IPS & IPSec VPN.
[ QUOTE ]
Rules 1447 and 4060 in the IPS should be disabled or allowed. To find them, simply click the filters button in the top right of the rules page, and enter the string "RDP" in the substring blank.. and click Apply... it should list 4 rules total, 2 of which are RDP rules.
[/ QUOTE ]
This is incorrect, as I was getting NO hits for Rule 1447 & 4060. However, I was getting a BUNCH of hits on Rule 1448 (MISC MS Terminal server request - ID 1448) which is disabled by default, which is interesting, as I was trying to MS Remote Desktop between two XP SP2 machines. The firewall on the local side was keeping the request from going out, which I also thought was strange, as I thought IPS, for the most part, kept undesirable stuff from coming in.