Jesse2035

Need to RDP to a LAN desktop using a port# with only 1 dedicated WAN IP on Sonicwall TZ100

I have a Sonicwall TZ100 (SonicOS Enhanced 5.6) and only 1 static WAN IP.

Our SBS server is already making use of this public IP and I need to give RDP access to 2 different users to their desktop.

I have seen it done on an older SonicWall before where users are given the WAN IP with port number and they are forwarded to their desktop. I just don't know how to do it.

Ex. Public IP 24.24.24.24
user goes to 24.24.24.24:2355 to RDP to their desktop @ 192.168.1.10
user 2 goes to 24.24.24.24:2356 to RDP to their desktop @ 192.168.1.20
James H

Easiest way is to run the Public Server Wizard and set up each connection that way.
This will take care of setting up the access and all you will have to do is plug in the correct IPs and port numbers you want to use.
Here is a link with some screenshots that should give you what you are looking for:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4535
Jesse2035

ASKER

@Spartan,

I already ran through the public server wizard, but using the wizard did not work.

I need everyone to be able to RDP to 24.24.24.24:2355 or whatever port number I assign.
Sorry, you posted the second time as I was typing my reply. I am looking at the links you provided. I will update in about 20 mins.
ASKER CERTIFIED SOLUTION
digitap
Create an Address Object for each PC.  Create a Service for each custom port.  Create a NAT policy for the new service to the particular PC.  

Original Source = Any; Translated Source = Original; Org Destination = WAN IP; Trans Dest = PC1; Org Service = Custom service 1
So, the wizard did not work and neither did the provided links.

This is what I have set up:

Original Source = Any
Translated Source = Original
Org Destination = WAN Primary IP
Trans Dest = PC1
Org Service = Custom service TCP 2355
Translated service = TCP 3389
Enable NAT Policy box is checked
On the workstation, do you have the listening port for RDP changed to 2355? Here is a MS KB on how to do that, just in case.

http://support.microsoft.com/kb/306759


Also, do you have a reflexive NAT policy created? If you ran the wizard, you should get three. Ingress, which is what you have above; egress, which is LAN > WAN; loopback.

The NAT policy looks correct.
If you set static IPs on the specific PCs, you can create address objects for the PCs and set services up for each port you want to use, then use NAT for the port forwarding.
This way you do not need to change the listening port on the PCs, although doing that will work.
That's a good point and looking back at the posts, I see that the port is being NAT'd back to 3389. I recall that I'd switched those in my brain thinking the ports were the other way around. Sigh...as it is, this should be working taking into account static IP assignment on the LAN hosts as wtandrews pointed out.

Perhaps the firewall on the LAN hosts?
Yeah, at this point, if everything is set up as stated, it sounds like it is being blocked at the workstations, which would likely suggest firewall settings.
Might check remote desktop users group also.
It is not being blocked by the desktop, and the port is being translated from 2355 to 3389.
Is there a way to do a text output of the configuration to post on here like a Cisco device, or is the SonicWall strictly GUI?
You can generate a TSR report and copy and paste that here. You have to be careful, though. That TSR can reveal your whole SW configuration including VPN keys and it's not straightforward when you look at it. You can find the TSR here: System > Diagnostics.

Can you double-check that there is an egress NAT rule? You should have this NAT rule if you used the public server wizard. It should look like this:

Original: Internal host
Translated: Public IP
Destination: Any
Translated: Original
Original Service: 3389
Translated: 2355
This worked on another Sonicwall I used for testing. It will not work on the Sonicwall I needed it to work on though. I suggested the users try LogMeIn instead and that seemed to make them happy.

I did verify your solution worked though. Thank you for your help.
You're welcome. Thank you for the points!
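
The workstation-side checks suggested in this thread (RDP listening port, host firewall, Remote Desktop Users group), collected as one script. This is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 or later run elevated on the target desktop, an English-language group name, and that `$ExpectedPort` (a name chosen here) is the NAT policy's translated service.

```powershell
# Added example: run on the desktop that the NAT policy forwards to.
# $ExpectedPort = the "Translated service" of the NAT policy (TCP 3389 in the thread).
param([int]$ExpectedPort = 3389)

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Is Remote Desktop enabled at all? (fDenyTSConnections = 0 means enabled)
$deny = (Get-ItemProperty -Path $ts).fDenyTSConnections

# 2. Port RDP is configured to listen on (the value MS KB 306759 changes)
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").PortNumber

# 3. Is a listener actually bound to the expected port right now?
$listener = Get-NetTCPConnection -State Listen -LocalPort $ExpectedPort `
    -ErrorAction SilentlyContinue

# 4. Enabled inbound allow rules in the host firewall that cover that TCP port
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        $f.Protocol -eq 'TCP' -and $f.LocalPort -contains "$ExpectedPort"
    }

# 5. Non-administrator accounts allowed to log on over RDP
#    (group name assumed to be the English default)
$members = Get-LocalGroupMember -Group 'Remote Desktop Users' `
    -ErrorAction SilentlyContinue

# Summary: every line should look right before blaming the firewall appliance
[pscustomobject]@{
    RdpEnabled        = ($deny -eq 0)
    ConfiguredPort    = $port
    PortMatchesNat    = ($port -eq $ExpectedPort)
    Listening         = [bool]$listener
    FirewallAllowRule = ($rules.DisplayName -join '; ')
    FirewallProfiles  = (($rules.Profile | Select-Object -Unique) -join '; ')
    RdpUsers          = ($members.Name -join '; ')
} | Format-List
```

If `PortMatchesNat` is false, change either the registry port or the NAT policy's translated service so the two agree, not both.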