Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 29 replies
  • Subscribers 1 subscriber
  • Views 13659 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote access via SSL

NewtoAstaro
UTM 9.105-9

I'm the Domain Administrator and I VPN to our domain then I RDP to computer A - no problem. If I now RDP to computer B from computer A - no problem. I log off computer B and then log off computer A and then try to RDP to computer B, I get a popup saying that either RDP is not enabled, the computer is not responding or is turned off. I've examined the windows firewall for that computer B and it is the same as computer A and its Logs have nothing significant. Is this likely to be an Astaro issue?


This thread was automatically locked due to age.
  • 0
    Don't bother with the debug mode.  This is either a routing problem or the setting in Computer B that I referred to earlier in the thread.

    Can host B reach the ssl vpn pool network? When this laptop is offsite, it can vpn to the domain - is that what you mean? 

    No, the other way around: can computer B see a device logged in via the SSL VPN?

    Do you confirm that computer B is running Windows XP or older, not Vista or newer?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Bob: In order to reach Computer B, my desktop (not a domain member) VPN's into the domain and then I RDP to the Domain Controller and from there I RDP to Computer B. Neither the DC or Computer B (running XP Pro) can see my desktop.
  • 0
    Does Computer B have the same default gateway (UTM) as Computer A?
    If not, does Computer B know where to route to the SSL subnet?

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels
    apijnappels: Unfortunately, Computer B has been taken offsite for the next few days and is therefore inaccessible - bugger!
  • 0 in reply to NewtoAstaro
    apijnappels: , Computer B is back online after resolution of unrelated issues. It does have the same default subnet as Computer A. Why would Computer B need to know where to route to the SSL subnet?
  • 0
    For 2 computers to be able to talk to each other over an internetworked connection, they need to know how to reach each other (both computers know how to reach the other computer).
    If you use the same default gateway for both A and B it's not likely the default gateway is the reason for computer B being not reachable.
    You can try to look at A and B to the route table (In windows you can run the command:  route print  from within a command prompt. Maybe one of the computers has a static route that the other doesn't have.
    A and B really are in the same network if I understand correctly?

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels
    OK, they aren't on the same network. Computer A is remote and connected to the network via a VPN and Astaro gives it an IP (10.242.2.5) which is not on the same network as Computer B (10.2.113.162) but I can remote to Computer C (10.2.113.164).
  • 0 in reply to NewtoAstaro
    Sorry, of course they're on the same network, 10, so we're back to why can I remote to C and not B?
  • 0
    You should check default gateway and route table on B and C (they should match, especially for a possible 10.242.2.0/255.255.255.0 route that may (or may not) exist.

    Also check firewall rules; do you have a automatic firewall rules on your SSL remote access? If not, check that you have a rule    VPN Pool (SSL) -> any -> Internal (Network) : Allow and possibly also Internal (Network) -> any -> VPN Pool (SSL) : Allow

    Then also check a possible software firewall at computer B which may prevent your remote machine communicating with it.

    When checking also open up your Firewall live log so you can actually see if anything comes by (allowed or blocked). You could filter on 10.242.2 or 10.2.113.16 (Not using full IP-addresses to see all traffic to IP-addresses starting with the mentioned octets).

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels
    Used netstat -r to get routing table of B (C is unavailable until this evening) and it makes no mention of 10.242.2.0/255.255.255.0.
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML