Juniper MAG Unable to RDP

‎09-25-2012 02:05 PM

Hi All,

We've just commissioned a MAG device and we're able to connect fine, able to ping our internal range but can't RDP into any servers. Does anyone know what I could've missed?

Cheers,
Glenn

9 REPLIES

Re: Juniper MAG Unable to RDP

‎09-25-2012 04:13 PM

What kind of MAG? UAC or SSL? Did you define resource profiles for the RDP to ensure that the access rights are correct (if SSL)... Very open-ended question unless I am just not understanding your post.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Re: Juniper MAG Unable to RDP

‎09-25-2012 04:25 PM

It's a MAG2600, got it set up as an SSL VPN. I have created both a resource profile and resource policy to enable RDP access but still no luck.


Re: Juniper MAG Unable to RDP

‎09-26-2012 06:24 AM

Well, there are some good troubleshooting tools - but I would ask - what error do you see? You can check the user log and you can also run policy trace and specify the user and type of event you are troubleshooting. You don't need to create both a resource policy and a resource profile. The resource profile will automatically build the appropriate policy for you.

Windows PC for your client? RDP works when done directly to the server inside your network? Login works, bookmark for RDP is displayed? User launches and then it fails?

Kevin Barker

Re: Juniper MAG Unable to RDP

‎09-27-2012 02:09 PM

It works fine as a bookmark from the webpage from the MAG but I'm more after RDP access across Junos Pulse. I have a policy in place to allow access to our servers on 3389 but can't seem to get it working. Is what I'm trying to do not possible on the MAG series?

Re: Juniper MAG Unable to RDP

‎09-27-2012 05:23 PM

Ok - If I understand what you are trying to do:

Login to the MAG - launch the RDP client from the source PC and use it to get to the resource -- NOT use the built-in RDP from the MAG. If that is correct then you can certainly do that but you will need to use SAM or enable VPN tunneling.

You said you have a policy in place. Is it a VPN tunneling Access Control policy?

What you want to do is very straightforward and the MAG can handle it. I do it daily with ours.

Kevin Barker

Re: Juniper MAG Unable to RDP

‎09-27-2012 06:11 PM

That's correct.

I have had a go at setting up VPN tunneling but had no luck with it. I have gone into Resource Policies > Network Connect > Network Connect Access Control and set it in there but still can't RDP; however, I can ping.

Would this suggest that I have an issue with the zone on the SRX that routes the traffic to it? I have set that up to route all traffic and haven't put any restrictions on it at the moment just to test.

Cheers.


Re: Juniper MAG Unable to RDP

‎09-28-2012 12:56 PM

Bizarre - I would do a packet capture - I just ran a quick test using my box with an NC access control policy of tcp://192.168.3.10:3389 only, and it worked just fine.

If your SRX policy is any for your application definition then it won't block.

Kevin Barker

Re: Juniper MAG Unable to RDP

‎09-30-2012 03:53 PM

I've done a packet capture and can't really see anything wrong with it.

I have double-checked the policies and I have it set to permit any application; it did have on the interface a while ago that it would only allow ping on that interface. The SRX also has a VPN on it that we use for system administration; would that make a difference?

I'll play around with it again tonight and see what else I can find.

Thanks.


Re: Juniper MAG Unable to RDP

‎10-01-2012 05:41 PM

I'm starting to think it's an issue elsewhere as when I run the policy test and simulation test it returns the attached results.
