Sonicwall TZ 170 Port Forward issue

I have a Sonicwall TZ 170 wireless firewall running Standard OS.
The wireless side is configured for guest access only and works fine to access Internet only.

The LAN setup consists of 2 internal private IPs where one is let's say 10.10.100.10 for the Sonicwall LAN IP and another 10.10.100.11 which is connected to a Cisco router. The Cisco router in turn routes to the secondary LAN segment of 10.10.180.xxx where all the internal workstations reside.
All traffic from both the wireless network and the secondary LAN network can access the Internet fine but I cannot seem to get the RDP Port Forward working to reach the Terminal Server on the secondary LAN.
I have created a Static route on the Sonicwall to the secondary LAN and it is acknowledged when I use the Sonicwall diagnostics to find network path so it knows how to get there.
I have also created a rule to allow=any service=RDP (port 3389) source=* destination= LAN IP of the TServer, but it doesn't seem to work.

I only want to be able to allow RDP port 3389 in to a terminal server on the Secondary LAN side.
Can this be done without using the OPT port and having to get another Public IP assigned?

Thanks
edburg Asked:
AdamRobinson Commented:
While you likely have done this, be sure to check your Access Rules for any DENY that may be affecting you.  In my experience with the TZ 170, a deny may overrule an allow, no matter what you do.  Also, be sure your secondary network isn't defined as WAN, while you're trying to route through LAN.
0
edburg (Author) Commented:
Thanks
The rules all look fine in that regard and the route is defined as LAN.
0
AdamRobinson Commented:
Are you sure it's being blocked on the Sonicwall?  Turn all of your logs on in there and verify.
0
edburg (Author) Commented:
Well, a port scan doesn't reveal it as open or filtered as it does with the other common ports so I assumed that the Sonicwall device wasn't passing the RDP packets.
Let me refine the question again .... Sonicwall TZ 170 Standard OS
1) Do I require a 1-1 NAT in order to reach the Terminal Server on the LAN side and if so, can this be done with just the main Public IP that is assigned to the Sonicwall WAN interface?
2) In order to have this work do I need to have both a 1-1 NAT setup and a specified allow rule for the RDP port I want to open, or do I just need the simple rule to allow RDP?
I think question (1) is the biggest question in this case.


0
jmilczek Commented:
Assign a workstation an IP of 10.10.100.x and connect it directly to one of the WAN ports then modify and test your rule. This will help you determine if the Cisco is a problem.
0

edburg (Author) Commented:
It was determined that it was the Cisco router that was not passing the packets.
Issue has been resolved.
0
edburg (Author) Commented:
The solution was actually resolved the day after I first posted but I will give the credit anyway as the suggested solution was in fact what I did to discover that the Cisco was the problem.

Thanks to all who posted on the topic ....
0
jmilczek Commented:
Correction to my previous post in case someone else reads this:

Assign a workstation an IP of 10.10.100.x and connect it directly to one of the LAN ports on the SonicWall then modify and test your rule. This will help you determine if the Cisco is a problem.
0
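The isolation test suggested in this thread (re-aim the RDP forward at a 10.10.100.x workstation plugged straight into a SonicWall LAN port, then test again), written out as an added example that is not part of the original posts. The function names `probe_tcp` and `locate_fault` are hypothetical, and the script assumes it is run from outside against the SonicWall's public IP, once per rule target.

```python
import socket
import sys

RDP_PORT = 3389  # port named in the thread


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Return 'open' (handshake completed), 'closed' (a RST came back)
    or 'filtered' (no answer or an ICMP error: dropped on the path)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and host/network unreachable
        return "filtered"


def locate_fault(rule_to_server, rule_to_test_host):
    """Interpret two probes of the SonicWall's public IP taken from outside.

    rule_to_server    - result with the forward rule aimed at the terminal
                        server on the 10.10.180.x segment behind the Cisco
    rule_to_test_host - result with the same rule re-aimed at a 10.10.100.x
                        workstation on a SonicWall LAN port, listening on 3389
    """
    if rule_to_server == "open":
        return "forward works end to end"
    if rule_to_test_host == "open":
        return "SonicWall forwards correctly; check the Cisco router or the server"
    return "SonicWall rule/NAT (or something upstream) is not passing the port"


if __name__ == "__main__":
    # Usage: python rdp_probe.py <public-ip>   (run once per rule target)
    print(probe_tcp(sys.argv[1]))
```

The test workstation must actually accept connections on 3389 (Remote Desktop enabled, or any stand-in listener), otherwise the second probe says nothing about the SonicWall.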