I'm unable to use Remote desktop from internet to PC in Trust zone

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I'm unable to use Remote desktop from internet to PC in Trust zone

L2 Linker

Hello all,

I wanna Remote desktop from my PC in home to PC in my company but not success

This is my connection diagram

Untitled Diagram (1).jpg

 

I wanna remote to PC 10.126.123.132 (belong to VLAN 123, I use several VLANs in Core switch) but not success, NAT seems not to work, there's no traffic logs

This is my config..

Virtual router config.Virtual router config.

 

Security rulesSecurity rules

 

NAT ruleNAT rule

 

I can remote from internet to a server in DMZ zone successfully but L3_Trust zone, so I think because of using VLAN in core switch, it requires some other config.. Please help me 🙂

P/S: The public IP in the pictures is just an example IP 

32 REPLIES 32

change your security policy/action/log settings to session start.

 

attempt a connection and find connection attempt in monitor/traffic.

 

if you can see the session start then select magnifying glass on left column and post 

I've already choosen both Log at session start and end before 😞

L7 Applicator

in your security policy, should the destination address be 10.126.123.132 and not 113.160.131.230

I think it must be 113.160.131.230 but anyway, I tried changing it to 10.126.123.132 or any, it's not working 😞

Of cource it wouldn't work...When using destination NAT, Security policy must contain PRE-NAT addresses and POST-NAT zones. Which means that your original configuration configuration is actually correct.

 

In my humble opinion your original configuration was correct (correct NAT and correct security policy). There was suggestion to set source NAT and I saw you have enabled source and destination - I would say this is wrong... I believe the suggestion was to configure source static nat and enable bidirectional. That way you should accomplish the same think create static NAT. But you shouldn't enable both source and destination in the same rule.

 

In the capture you can see that drop capture is filling with with the SYN, so

 

So my suggestion:

1. Put everything back as you configure it originally.

2. I saw that you are using service group RDP, can you confirm that this service group contain TCP port 3389?

3. Enable log on start for the security rule
4. Check traffic log for log matching your source address. send screenshot for this entry (you can hide the real addresses if you like)

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!