Post a sanitized and applicable portion of your config.

 

 

 

Source Address > Any

Destination Address > 192.168.X.X  (Computer I want the RDP to rediret to)

Service > RDP

Application > none

Action > permit

Tunnel > VPN > none

            >L2TP >None

 

Is this all you need?  Thank You for your help

if i understand this correctly you have a netscreen with two zones - trust and untrust? trust is your local lan, and untrust is connected to the internet? and you want to be able to access a pc on your local lan from home? if this is the case then you need to sort out address translation and a policy. in terms of address translations you have two options - either a mip or a vip. then you need a policy from untrust -> trust which permits the required source address to the destination translated address for rdp.  then, from home you need to connect to the translated address you have setup at the office.  if you only need to connect from home then i would recommend restricting the policy to the public ip address of your home connection if it is static...or if it is dynamic then i would recommend setting up something like dyndns.

Andyt,

It looks like I dont have the first part complete.  Could you please help me out wiht how to set up the mip or vip. 

 

Thanks in advance

sure.

 

if you only have a single public address, the one assigned to your untrust interface, then i would probably recommend the use of a vip for address translation.  this will allow you to do multiple translations using your one ip address to multiple internal addresses based upon destinatin port number.

 

i'm using an ns50 running 5.4.0r10 code to go through this, but the steps should be similar on your kit...   from the webui...

 

create the internal host as an object:

 

objects | addresses | list | untrust > new | address name : [insert hostname here] | ip address/netmask : [insert ip/snm here] > ok 

 

create your external source address as an object: 

 

objects | addresses | list | trust > new | address name : [insert hostname here] | ip address/netmask : [insert ip/snm here] > ok 

 

add rdp as a custom service: 

 

objects | services | custom > new | service name: [rdp] | transport protocol : [tcp] | source port : [1 - 65535] | dest port : [3389] > ok 

 

create your vip pointing incoming rdp requests to the public ip address to the internal host: 

 

network | interfaces | untrust | vip | add/modify vip entry | same as untrused interface ip address > add

 

new vip service | virtual ip : [leave as public ip address auto-populated] | virtual port : [3389] | map to service : [rdp] | map to ip: [insert internal host ip here] > ok

 

create the policy to permit the inbound connections:

 

policies | from : [untrust] | to : [trust] > new | source : [external source] | dest : [vip(ethernet3)] | service : [rdp] : action : [permit] > ok

 

and that should get you up and running...just point the rdp client running on your home pc at the public ip address of your office... 

 

Thank you... I got it!