Sonicwall TZ170 won't pass through for Remote Desktop

I have a Sonicwall TZ170 hooked to a remote network. I have configured it to pass port 3389 from WAN to LAN [designated inside IPs] and from LAN [designated IPs] to WAN. I can ping the firewall, which sits on a public address. The Sonicwall GVPN client connects just fine. But from there I cannot Remote Desktop to any systems (their firewalls are off, there is no local IP filtering, and RD is enabled). For that matter, with the GVPN client connected I cannot ping any inside addresses by number or name (NetBIOS pass-through is enabled). Otherwise the firewall seems to work fine. I have been all over Microsoft's and Sonic's websites looking for the answer, but can't find it, so I thought I'd see what the experts think. Is there a complementary protocol required? Both TCP and UDP are allowed on 3389. I could sure use some suggestions. Thank you.
214-042308 asked:
ccomley commented:
OK one step at a time.

You enabled the Group VPN profile?
You exported the settings from that to the GVPN client config?
Once you connect, what IP address does the remote session have?
Can you PING any "local" resource from the connected GVPN client?

When you set up the GVPN client, does the status window show that the connection to the host network has been established?

On the host sonicwall, in section "VPN" subsection "DHCP over VPN" what is the config?


ccomley commented:
You do NOT need to create ANY firewall rules for a GVPN client to access resources on the LAN (unless you have turned on the non-standard checkbox which forces VPN traffic to be filtered through the access ruleset). By default the action of the GVPN client is to attach you as if you were on the local network. It does this in part by giving you an IP address on the local network, which it must derive either from its own DHCP or by DHCP relay from your main DHCP server - and this is the bit that most folk don't have configured correctly.

Once your GVPN is working, you SHOULD be able to get a PING back from any device on the LAN which is responding to ping (don't assume the firewall will!). So fix that first.

THEN I THINK you'll find that RD just works. Does for me. :-)

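A scripted version of the checks ccomley lists, in the same order (did the tunnel hand out an address on the host LAN, and only then does 3389/tcp answer on an inside host). This is an added example, not code from the thread or from SonicWall; the LAN subnet and addresses are constructed, and a TCP connect to 3389 stands in for the ping because ICMP needs raw sockets.

```python
import ipaddress
import socket

# Constructed values for the example (not from the thread): the subnet behind the
# SonicWall's LAN interface and the lease the GVPN client reports after connecting.
LAN_SUBNET = "192.168.1.0/24"


def vpn_address_on_lan(client_ip: str, lan_subnet: str = LAN_SUBNET) -> bool:
    """DHCP-over-VPN check: a Global VPN client should be handed an address inside
    the host LAN. Anything else (an unrelated range, an APIPA 169.254.x.x address)
    means the lease never arrived, which matches 'connected but cannot ping'."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(lan_subnet, strict=False)


def tcp_port_open(host: str, port: int = 3389, timeout: float = 3.0) -> bool:
    """Plain TCP connect test for Remote Desktop (3389/tcp). True only when the
    handshake completes; refusal, timeout or a blocked socket all return False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(client_ip: str, rdp_host: str, lan_subnet: str = LAN_SUBNET) -> dict:
    """Walk the checks in the thread's order and say what to look at next.
    The LAN-address check gates the port test: there is no point probing 3389
    until the tunnel has a routable inside address."""
    report = {"address_on_lan": vpn_address_on_lan(client_ip, lan_subnet),
              "rdp_reachable": None}
    if not report["address_on_lan"]:
        report["next_step"] = ("fix VPN > DHCP over VPN on the SonicWall and "
                               "re-import the .rcf profile into the GVPN client")
        return report
    report["rdp_reachable"] = tcp_port_open(rdp_host)
    if report["rdp_reachable"]:
        report["next_step"] = "none: 3389/tcp answers, Remote Desktop should work"
    else:
        report["next_step"] = ("check that VPN traffic is not forced through the "
                               "access rules / NAT, then the host's own RD setting")
    return report


if __name__ == "__main__":
    # Constructed inputs: a client that received an address outside the LAN.
    print(diagnose("10.8.0.2", "192.168.1.10"))
```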
214-042308 (author) commented:
Nope - that's not it. I do have DHCP turned on at the firewall and it is handing out addresses to local systems just fine. If I fire up the Global VPN client it connects just fine but I still cannot use remote desktop. The "Group VPN" is enabled. My account validates and connects. But from there - nothing. No pinging inside address, no remote desktop, not even telnet.

Supposedly there are only three steps to make this work:
1. Install Global VPN Client and configure with local user account info under firewall's VPN settings.
2. Define access rule to allow TCP and UDP to pass through firewall on port 3389.
3. Load GVPN, validate, and fire up Remote Desktop.

But, alas, this is not the case. Still floundering looking for the answer.
ccomley commented:
Oh - is your Sonicwall on Standard or Enhanced OS? It makes a difference to the rules! (The good news is Standard is being phased out, so the difference will go away in another few months.)

214-042308 (author) commented:
I'll check all these things and get back to the question. Appreciate you staying with it.
214-042308 (author) commented:
Ok ccomley - you earned your points! After trying everything I could think of, I re-read your post #4 - while it was not dead-on, it did lead me in the right direction. After attempting a 3rd time to import the .RCF file, it somehow got it right. Then I set the firewall to turn off NAT and Firewall rules for VPN users only and voila! Works like a charm. Kudos.
ccomley commented:
Glad you got there!