05.16.2008 at 08:33AM PDT, ID: 23408649
remote desktop out from behind firewall

Asked by dmaloney1009 in Virtual Private Networking (VPN), IPSec Security Protocol, Cisco PIX Firewall

Here are the specifics....
I am trying to remote desktop to a connected vpn client ip 10.1.1.245.
1. I have enabled remote desktop on the connected machine.
2. The network of the connected machine is 192.168.1.0
3. I have downed the filters on our BorderManager server.
4. I can ping the connected machine...ip 10.1.1.245
5. The connected machine can remote desktop into a machine on the inside. They can log into the network no problem.
6. The connected machine gets itself as the gateway.
Any help would be appreciated.

ASA Version 7.2(2)
!
hostname LVASA
domain-name westernregion.poggemeyer.local
enable password D7DVx3Xm0JjkQyYW encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.250 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 209.170.219.72 255.255.255.224
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name westernregion.poggemeyer.local
access-list OutsideIn extended permit icmp any any echo-reply
access-list OutsideIn extended permit icmp any any unreachable
access-list OutsideIn extended permit icmp any any time-exceeded
access-list OutsideIn extended permit icmp any any traceroute
access-list inside_nat0_outbound extended permit ip any 10.1.1.240 255.255.255.240
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp 10.1.1.0 255.255.255.0 eq telnet interface inside eq telnet
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Main 10.1.1.245-10.1.1.249 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group OutsideIn in interface outside
route outside 0.0.0.0 0.0.0.0 209.170.219.66 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy Main internal
group-policy Main attributes
 dns-server value 10.1.1.254
 vpn-tunnel-protocol IPSec
username admin password NYYO0k2DBYdram7A encrypted privilege 15
username dmaloney password IJvHb123PpEnRi2D encrypted
username dmaloney attributes
 vpn-group-policy Main
 vpn-tunnel-protocol IPSec l2tp-ipsec
username biztech password bmrl9y4UT5ZLTrx3 encrypted privilege 15
username hughesm password uK5cn1dF6PKhctUj encrypted
http server enable
http 10.1.1.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
http 192.168.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group Main type ipsec-ra
tunnel-group Main general-attributes
 address-pool Main
 default-group-policy Main
tunnel-group Main ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh 192.168.3.0 255.255.255.0 inside
ssh 12.111.227.177 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 15
ssh version 2
console timeout 0

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:6f0f92cd32e0ee86bb13e6ae6824661c
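
Added example, not part of the original post or of the hidden solution: a small first-match evaluator for the `inside_access_in` entries posted above, using the ASA rule that an interface ACL ends in an implicit deny. It handles only the entry forms that appear in this config; the function names and the inside host 10.1.1.10 are assumptions made for the illustration.

```python
import ipaddress

# ACL entries copied from the posted config (wrapped lines rejoined).
CONFIG = """\
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp 10.1.1.0 255.255.255.0 eq telnet interface inside eq telnet
"""
PORTS = {"telnet": 23}                 # named port used above
IFACE_IP = {"inside": "10.1.1.250"}    # from "interface Vlan1" in the post

def take_addr(tok):
    """Consume one address spec (any | host IP | interface NAME | IP MASK)."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    if t == "interface":
        return ipaddress.ip_network(IFACE_IP[tok.pop(0)] + "/32")
    return ipaddress.ip_network(f"{t}/{tok.pop(0)}")

def take_port(tok):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORTS[name] if name in PORTS else int(name)

def parse_ace(line):
    tok = line.split()[3:]             # drop "access-list NAME extended"
    ace = {"action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"], ace["sport"] = take_addr(tok), take_port(tok)
    ace["dst"], ace["dport"] = take_addr(tok), take_port(tok)
    return ace

def evaluate(acl, proto, src, dst, sport=None, dport=None, config=CONFIG):
    """Return (action, matching line); first match wins, else implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in config.splitlines():
        if not line.startswith(f"access-list {acl} extended "):
            continue
        ace = parse_ace(line)
        if (ace["proto"] in ("ip", proto) and src in ace["src"] and dst in ace["dst"]
                and ace["sport"] in (None, sport) and ace["dport"] in (None, dport)):
            return ace["action"], line
    return "deny", "implicit deny"

if __name__ == "__main__":
    # 10.1.1.10 is a constructed inside host; 10.1.1.245 is the VPN client from the post.
    print(evaluate("inside_access_in", "icmp", "10.1.1.10", "10.1.1.245"))
    print(evaluate("inside_access_in", "tcp", "10.1.1.10", "10.1.1.245", sport=50000, dport=3389))
```

With the posted entries, ICMP from the inside host to 10.1.1.245 matches the first permit, while TCP/3389 (RDP) to the same address matches no entry and falls to the implicit deny.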
05.16.2008 at 11:26AM PDT, ID: 21585193


About this solution

Zones: Virtual Private Networking (VPN), IPSec Security Protocol, Cisco PIX Firewall
Tags: Cisco, VPN, ASA 5505, remote desktop connection
Solution Provided By: mkielar
Participating Experts: 1
Solution Grade: A