I'm unable to use Remote desktop from internet to PC in Trust zone

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I'm unable to use Remote desktop from internet to PC in Trust zone

L2 Linker

Hello all,

I wanna Remote desktop from my PC in home to PC in my company but not success

This is my connection diagram

Untitled Diagram (1).jpg

 

I wanna remote to PC 10.126.123.132 (belong to VLAN 123, I use several VLANs in Core switch) but not success, NAT seems not to work, there's no traffic logs

This is my config..

Virtual router config.Virtual router config.

 

Security rulesSecurity rules

 

NAT ruleNAT rule

 

I can remote from internet to a server in DMZ zone successfully but L3_Trust zone, so I think because of using VLAN in core switch, it requires some other config.. Please help me 🙂

P/S: The public IP in the pictures is just an example IP 

32 REPLIES 32

Hmm..I still in the mide to troubleshoot on this issue, As this issue happen out of sudden,I try capture log from my Public IP, But packet is not reaching to FW

Can you create a ticket support in customer support page? I tried but in step 3, there's no checkbox to select device

Hi,

To open case with PAN Tac, I think you need to engage with your local ASC tReam assist you to create the support ticket.

Thanks

@Hongson,

Do you have an active support contract on your device? 

L1 Bithead

Hi Hongson -- Think you're looking for a U turn NAT.  Since I don't know your network configuration. 

 

Please see this article: 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-U-Turn-NAT/ta-p/61889

 

Or contact PAN-TAC.  Hope that works for you. 

@BPryI got 1 year support contract

Thank you guys, I've setup Globalprotect to establish VPN to my PC in workplace, it's pretty cool 🙂

I just found out my root issue that cause my incoming nat is not working, The reason been block is due to my dos policy, After disable the dos policy, It was working fine

Holy sh***!! Yes, you're right, I'm using Dos protection too and forgot about it :))

Try to chnage the action on your dos policy from deny to protect

Yes, you're right, I got this problem once time before, when setup remote from the internet to DMZ, I also fixed it by changed the Dos protection action from deny to protect. But after along time, I completly forgot about Dos protection

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!