Visitor
SupportDriveIT
Posts: 9
Registered: ‎03-22-2011
0
Accepted Solution

SRX100B - Dynamic VPN - RDP not usable


Hi,

I have a problem / misconfiguration with my firewall. We have a fixed ADSL IP on the WAN and a VLAN for the LAN. We have port 3389 connected directly to a PC from the outside WAN. But now I have configured Dynamic VPN as per http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/dynamic-vpn-appnote-junos10.4-v2... and it works fine. But now when I want to Remote Desktop to my server, I get redirected to the PC. Even though file access works (e.g. \\192.168.0.101), RDP on that IP does not. Here is my config:

 

 Can someone see why this is not working?

 

Greetings,

Thomas

Visitor
traubm
Posts: 7
Registered: ‎05-30-2012
0

Re: SRX100B - Dynamic VPN - RDP not usable

My guess would be that the NAT rule for RDP is being applied regardless. I have the following in my config before any destination NAT rules:

 

rule-set untrust-to-trust {
    from zone untrust;
    rule IPSECLinks {
        # Don't apply NAT to any incoming private (IPSEC) link connections to our LAN
        match {
            source-address-name RFC1918;          # you can make this 10.10.10.0/24.
            destination-address-name HomeLAN;     # and this would be 192.168.1.0/24
        }
        then {
            destination-nat off;
        }
    }
}

Distinguished Expert
MMcD
Posts: 637
Registered: ‎07-20-2010
0

Re: SRX100B - Dynamic VPN - RDP not usable

Try the following.  The traffic for 192.168.1.101 is getting routed down the VPN by the pushed routes from the SRX.

 

 

dynamic-vpn {
    access-profile dyn-vpn-access-profile;
    clients {
        all {
            remote-protected-resources {
                192.168.1.0/24;
            }
            remote-exceptions {
                192.168.1.101;
            }
            ipsec-vpn dyn-vpn;
            user {
                PcManager;
                geelen;
            }
        }
    }
}

 

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
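
An added example, not part of the thread or of Juniper's tooling: a small Python audit of a `dynamic-vpn` stanza that reports which hosts a client would tunnel, using the documented Junos meaning of the two statements (traffic to `remote-protected-resources` goes through the VPN, traffic to `remote-exceptions` does not). The names `parse_blocks` and `tunnel_decisions` are hypothetical, and the sample stanza is constructed from the reply above.

```python
import ipaddress
import re

# Constructed sample: the split-tunnel part of the stanza from the reply above.
SAMPLE = """
dynamic-vpn {
    clients {
        all {
            remote-protected-resources { 192.168.1.0/24; }
            remote-exceptions { 192.168.1.101; }
        }
    }
}
"""

def parse_blocks(text):
    """Parse brace-delimited Junos config into nested dicts ('_leaves' = statements)."""
    root = {"_leaves": []}
    stack, words = [root], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            child = {"_leaves": []}
            stack[-1][" ".join(words)] = child
            stack.append(child)
            words = []
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unexpected '}'")
            stack.pop()
        elif tok == ";":
            stack[-1]["_leaves"].append(" ".join(words))
            words = []
        else:
            words.append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced config: missing '}'")
    return root

def tunnel_decisions(text, hosts):
    """Map (client-group, host) -> True if the client tunnels traffic to that host."""
    decisions = {}
    for group, cfg in parse_blocks(text)["dynamic-vpn"]["clients"].items():
        if group == "_leaves":
            continue
        prot, exc = ([ipaddress.ip_network(p, strict=False)
                      for p in cfg.get(key, {}).get("_leaves", [])]
                     for key in ("remote-protected-resources", "remote-exceptions"))
        for h in map(ipaddress.ip_address, hosts):
            decisions[group, str(h)] = any(h in n for n in prot) and not any(h in n for n in exc)
    return decisions
```

Running it over a saved configuration before pushing a change shows whether an exception removes more hosts from the tunnel than intended; a stanza pasted without its final brace is rejected with a `ValueError`.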
Visitor
SupportDriveIT
Posts: 9
Registered: ‎03-22-2011
0

Re: SRX100B - Dynamic VPN - RDP not usable

Thanks for the answers. Strangely, I thought the first answer was the correct one, with a policy which disables the NAT for that specific device, but it did not help. Fortunately, the second one did! Thanks!