SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
SupportDriveIT
Visitor
SupportDriveIT
Posts: 7
Registered: ‎03-22-2011
0
Accepted Solution

SRX100B - Dynamic VPN - RDP not usable

[ Edited ]
Options

‎05-29-2012 11:58 PM - edited ‎05-30-2012 12:00 AM

Hi,

I have a problem / misconfiguration with my firewall. We have a fixed adsl IP on the wan and a vlan for the LAN. We have port 3389 connected directly to a pc from the outside wan. But now I have configured Dynamic VPN as per http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/dynamic-vpn-appnote-junos10.4-v2... and it works fine. But now when I want to Remote Desktop to my server, I get redirected to the PC. Even tough through file access it works ( eg \\192.168.0.101 ) , but rdp on that IP not. Here is my config : 

 

 Can someone see why this is not working?

 

Greetings,

Thomas

Attachment 20120529 - Config Juniper SRX100B.txt ‏14 KB
Message 1 of 4 (337 Views)
 
Reply
traubm
Visitor
traubm
Posts: 6
Registered: ‎05-30-2012
0

Re: SRX100B - Dynamic VPN - RDP not usable

Options

‎05-30-2012 04:38 AM

My guess would be that the NAT rule for RDP is being applied regardless. I have the following in my config before any destination NAT rules:

 

rule-set untrust-to-trust {

        from zone untrust; 

        rule IPSECLinks {

                # Don't apply NAT to any incoming private (IPSEC) link connections to our LAN

                match {

                        source-address-name RFC1918;                                   # you can make this 10.10.10.0/24.

                        destination-address-name HomeLAN;                           # and this would be 192.168.1.0/24

                }

                then {

                        destination-nat off;

                }

        }

 }

Message 2 of 4 (325 Views)
 
Reply
Distinguished Expert
Distinguished Expert
MMcD
Posts: 513
Registered: ‎07-20-2010
0

Re: SRX100B - Dynamic VPN - RDP not usable

Options

‎05-30-2012 08:31 AM

Try the following.  The traffic for 192.168.1.101 is getting routed down the VPN by the pushed routes from the SRX.

 

 

dynamic-vpn {
        access-profile dyn-vpn-access-profile;
        clients {
            all {
                remote-protected-resources {
                    192.168.1.0/24;
                }
                remote-exceptions {
                    192.168.1.101;
                }
                ipsec-vpn dyn-vpn;
                user {
                    PcManager;
                    geelen;
                }
            }
        }

 

MMcD [JNCIS-SEC, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Message 3 of 4 (318 Views)
 
Reply
SupportDriveIT
Visitor
SupportDriveIT
Posts: 7
Registered: ‎03-22-2011
0

Re: SRX100B - Dynamic VPN - RDP not usable

Options

‎06-05-2012 07:25 AM

Thanks for the answers, strangely I taught the first answer was the correct one, with a policy which disables the nat for that specific device, but it did not help. Fortunatly , the second one did ! Thanks!
Message 4 of 4 (290 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.