I need help configuring a netscreen/Juniper NS5GT firewall so that someone from outside can connect to a server on our LAN (IP address is 10.10.10.3) through Windows Remote Desktop.
Here is what I have tried and is NOT working.
I created a new custom service object named "MSTSC (desktop sharing)" with parameters of:
TCP src port: 0-65535, dst port: 3389-3389
UDP src port: 0-65535, dst port: 3389-3389
Then I created a new policy from Untrust to Trust with the following parameters:
Source Address: any
Destination address: any
Service: MSTSC (desktop sharing)
Antivirus profile: none
And under "Advanced"
NAT-Destination Translation is checked with Translate to IP set to 10.10.10.3 (map to port is unchecked)
Authentication is unchecked
Traffic shaping is unchecked
I have two other policies from Untrust to Trust: One is to allow pinging (not sure it is doing anything) and one that was used to set up our VPN (which is working). Both of those policies come before this new one I created for desktop sharing.
I only have one policy from Trust to Untrust which permits anything from any address to any address.
From outside the company LAN (e.g., at home), I try to connect through Remote Desktop sharing (from Win XP Pro) to the public IP address we all have when we are on the LAN (i.e., what www.showmyIP.com reports when I'm at the office), but the Remote Desktop App on my computer doesn't seem to be able to get a response from the server (I don't remember the exact message, but it seems to time out).
I'm also planning to modify the policy to specify the From IP address for better security once I get it working, but let me know if you have any suggestions related to that or other issues of security.
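The symptom described above ("seems to time out") is worth pinning down before touching the policy again: a connection that times out means the SYN was silently dropped somewhere (policy not matched, destination NAT pointing at the wrong address, or the host not answering), whereas a connection that is refused means the packet did reach a host that simply has nothing listening on 3389. The following probe is an added example written for this thread, not code from the original post or from Juniper; the function names, the local-loopback demo and the interpretation table are my own construction. Run it from the outside network against the public IP and port 3389, and read the result against the explanation it prints.

```python
import errno
import socket
import sys

# Classify the outcome of a single TCP connect attempt to host:port.
# Added example (not from the original post): the goal is to tell
# "silently dropped" (timeout) apart from "reached a host" (refused/open).
def classify_tcp_connect(host: str, port: int, timeout: float = 3.0) -> str:
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error:%s" % exc.errno
    finally:
        sock.close()


# What each outcome means for a firewall with a destination-NAT policy
# in front of the server (interpretation written for this example).
MEANING = {
    "open": "Handshake completed: the policy matched, destination NAT forwarded "
            "the SYN, and a listener on the target port answered.",
    "timeout": "No SYN-ACK and no RST: the packet was silently dropped. Check that "
               "an earlier policy is not matching first, that the service object "
               "covers TCP/3389, and that NAT translates to the right inside IP.",
    "refused": "A host sent RST: traffic reached a machine, but nothing listens on "
               "that port there (wrong NAT target, or Remote Desktop not enabled).",
    "unreachable": "The probing host itself has no route to that address.",
}


def explain(result: str) -> str:
    return MEANING.get(result, "Unexpected socket error; check local network settings.")


def demo_with_local_listener() -> tuple:
    """Offline demonstration: probe a throwaway loopback listener (expect 'open'),
    close it, then probe the same port again (expect 'refused')."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0 = let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = classify_tcp_connect("127.0.0.1", port, 1.0)
    srv.close()
    after_close = classify_tcp_connect("127.0.0.1", port, 1.0)
    return while_open, after_close


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage from outside the LAN: python probe.py <public-ip> 3389
        outcome = classify_tcp_connect(sys.argv[1], int(sys.argv[2]))
        print(outcome, "-", explain(outcome))
    else:
        print("loopback demo:", demo_with_local_listener())
```

If the result is "timeout", the drop is almost always on the firewall side and the policy order mentioned in the post (the two earlier Untrust-to-Trust policies) is the first thing to inspect; if it is "refused", the packet is being forwarded and the problem is on the inside host. Once it reports "open", restricting the policy's source address to the known outside IP, as planned, is the right next step, since an any-to-any destination-NAT rule exposes the Remote Desktop listener to the whole internet.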