I'm unable to use Remote desktop from internet to PC in Trust zone

L2 Linker


Hello all,

I want to use Remote Desktop from my PC at home to a PC at my company, but without success.

This is my connection diagram

Untitled Diagram (1).jpg

 

I want to connect remotely to PC 10.126.123.132 (it belongs to VLAN 123; I use several VLANs on the core switch), but without success. NAT does not seem to work; there are no traffic logs.

This is my config:

Capture.PNG: Virtual router config.

 

2.JPG: Security rules

 

3.JPG: NAT rule

 

I can connect remotely from the internet to a server in the DMZ zone successfully, but not to the L3_Trust zone, so I think that, because of the VLANs on the core switch, it requires some other config. Please help me :)

P/S: The public IP in the pictures is just an example IP 

L6 Presenter

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

In your NAT rule, try adding source NAT 10.126.125.1.

Your DMZ may have a default route to the internet, but maybe your VLANs don't.

L3 Networker

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

Take a packet capture on the firewall and the end client.

If you see the SYN packet on the end client, this would mean the packet is getting forwarded to the client.

Check if you receive a SYN-ACK back on the firewall from the client.

If that is not the case, then check the routing on the switch. For testing, in the NAT rule that you have created for inbound, source NAT the traffic to the trust zone interface.

Share the output of the pcaps and the session if this still does not resolve.

L2 Linker

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

Thank you all for your help. I added source translation to the IP of the L3_Trust interface (10.126.125.1), but Remote Desktop still does not succeed :(

 

Capture.JPG

L3 Networker

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

At this point, take a pcap on the firewall and the client together. Share the details.

 

Provide the below details

 

After trying the RDP connection, in the command line type:

1) show session all filter source <your_public_src_ip> destination 113.160.131.230 destination-port 3389

This command will list the running sessions; the leftmost column is the session ID. Select a session ID.

2) show session id <session_id>

 

 

 

L6 Presenter

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

Try modifying your source translation 

 

address type = translated address

translated address = 10.126.125.1

 

L2 Linker

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

Thank you, Sir. These are the pictures of recive.pcap and drop.pcap; there's nothing in transmit.pcap and firewall.pcap. I'm sorry, for security reasons I'm not allowed to upload the capture files here.

27.67.9.246 is my public IP from internet zone

1.JPG, 2.JPG

I also ran the command show session all filter source <your_public_src_ip> destination 113.160.131.230 destination-port 3389, but there's no active session.
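The handshake check described in the replies above, as an added example that is not part of any post: it takes per-stage firewall captures (stage names assumed from the capture file names mentioned in the thread) and a capture from the PC, and reports where the TCP handshake stops. The `Pkt` record, `locate_stall` and its result strings are hypothetical, and the sample packets are constructed.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Pkt:  # hypothetical minimal packet summary, not a pcap parser
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def _syn(pkts, port):
    """True if a bare SYN (no ACK) to the service port is present."""
    return any(p.dport == port and (p.flags & (SYN | ACK)) == SYN for p in pkts)

def _synack(pkts, port):
    """True if a SYN-ACK sent from the service port is present."""
    return any(p.sport == port and (p.flags & (SYN | ACK)) == (SYN | ACK) for p in pkts)

def locate_stall(fw, client, port=3389):
    """fw maps capture stage -> packets; client is the capture taken on the PC."""
    if not _syn(fw.get("receive", []), port):
        return "syn-never-reached-firewall"
    if not _syn(fw.get("transmit", []), port):
        # Received but never forwarded: look at the firewall's own rules first,
        # not at routing behind it.
        dropped = _syn(fw.get("drop", []), port)
        return "syn-dropped-on-firewall" if dropped else "syn-not-forwarded"
    if not _syn(client, port):
        return "syn-lost-between-firewall-and-client"
    if not _synack(client, port):
        return "client-did-not-answer"
    if not _synack(fw.get("receive", []), port):
        # Reply left the PC but never came back: switch routing / source NAT test.
        return "synack-lost-on-return-path"
    return "handshake-forwarded"

# Constructed sample mirroring what the thread reports: packets in the receive
# and drop captures, nothing in transmit or firewall.
CLIENT_SYN = Pkt("27.67.9.246", 50000, "113.160.131.230", 3389, SYN)
REPORTED = {"receive": [CLIENT_SYN], "drop": [CLIENT_SYN], "transmit": [], "firewall": []}

if __name__ == "__main__":
    print(locate_stall(REPORTED, client=[]))
```
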

L2 Linker

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

I changed the source translation to "translated address", but it is still not working.

3.JPG

L6 Presenter

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

From the CLI:

 

ping source 10.126.125.1 host 10.126.123.132

 

Do you get replies?

L2 Linker

Re: I'm unable to use Remote desktop from internet to PC in Trust zone

Yes sir, Ping successful
