tlowe2

Use Remote Desktop between Domains

Please see the attachment. In short: I am the network admin for Domain A, which is the forest root for Domain A and Domain B. The domains are located in separate states connected by an MPLS link. We have VPN set up on a Cisco ASA 5510 located at Domain A. We have set up users from Domain B to be able to connect to the VPN, which they successfully can; although, when they try to use Remote Desktop to connect to their PCs at Domain B, the session fails to locate their PCs. PCs located at Domain A can be successfully remoted into with no problem. Is this an issue with VPN, DNS/WINS, Remote Desktop, or something else I am missing?
RemoteDesktop.xls
Irwin W.

Are they connecting via the IP or the FQDN of the workstation?

Do you have a server on Domain A that you can try and connect to via RDP and does it work?
I think the issue can have multiple reasons, but my first guess is that the sites (A and B) use different IP subnets. The VPN concentrator has to push a route for the subnet of site B to the client. If it does not (you can check this on the home user's computer with the 'route print' command), the home user's computer has no idea where to send packets to said subnet.
tlowe2 (ASKER)

We have tried both, IP address; computer1.domainb.com.
Yes, if the user first remotes in to a PC on Domain A, then they can remote in to a PC on Domain B. But you can see where that is not desirable; we don't want Domain B employees remoting in to a Domain A PC just to get to a PC on Domain B. If possible, they need to be able to access PCs on Domain B from the VPN connection.
tlowe2 (ASKER)

Thanks McNetic...and yes they are on different subnets. Is there a way I can configure the VPN, in the ASA, to allow for the traffic to be routed?
Unfortunately, I don't know about configuration of the Cisco ASA, but I'm quite sure that it is possible to configure this, as this is not an uncommon setup.

It should also be possible to manually configure the route in the client computer after the connection is set up by executing a 'route add <subnet ip> mask <subnet mask> <gateway ip>', where subnet ip and subnet mask are the addresses of the subnet of site B and gateway ip is the ip address the client computer got assigned by the vpn device.
tlowe2 (ASKER)

Thanks again McNetic...for some reason the route add isn't working either. When I add in the route, it doesn't show up in the route print. I think maybe I need to look at this from the VPN config point of view. Even if the route add works, that means it needs to be done manually on each client PC, each time they connect to the VPN...and trying to talk a user through that each time would be a nightmare.
You would need to look at the following details:

1. Route print from a home users machine after connecting to the VPN
2. Route print from the ASA after the VPN is established
3. Route print from the machine on domain B to which the user is trying to connect

The routes should be such that the home user can reach the machine in domain B and the machine in domain B should also know how to get back to the home user's machine.

If you can update the attached file with the IP addresses and route prints, it would be easier.

The route adds need not be done manually. If you are using a Microsoft DHCP to assign IP addresses to the client machines, then you can use the scope option 249 (classless static route) to push static routes to the VPN client machines.

Alternatively, you can also use Active Directory to configure static routes on a per-user basis. Refer: http://technet.microsoft.com/en-us/library/cc728159.aspx
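
The first check in the list above (the VPN client's route print), as an added example that is not part of the original thread: Python that parses the IPv4 section of saved `route print` output and reports whether a destination would leave through the VPN interface. All addresses are constructed assumptions: 10.1.0.0/16 stands in for site A, 10.2.0.0/16 for site B, and 10.99.0.20 for the address the VPN assigned to the client.

```python
import ipaddress

# Constructed sample of the IPv4 section of 'route print' on a VPN client.
# Assumed addressing: 10.1.0.0/16 = site A, 10.2.0.0/16 = site B,
# 10.99.0.20 = address the VPN assigned to the client.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
         10.1.0.0      255.255.0.0        10.99.0.1      10.99.0.20      1
        10.99.0.0    255.255.255.0          On-link      10.99.0.20    257
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
===========================================================================
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) per active IPv4 route."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            if len(f) != 5:
                raise ValueError("not a 5-column route row")
            routes.append((ipaddress.ip_network(f"{f[0]}/{f[1]}"), f[2], f[3], int(f[4])))
        except ValueError:
            continue  # header, separator, IPv6 or persistent-route line
    return routes

def select_route(routes, dest):
    """Longest-prefix match; the lowest metric breaks ties."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def reaches_via(routes, dest, vpn_ip):
    """True if traffic to dest leaves through the interface holding vpn_ip."""
    r = select_route(routes, dest)
    return r is not None and r[2] == vpn_ip

if __name__ == "__main__":
    for dest in ("10.1.0.15", "10.2.0.15"):  # a PC at site A, a PC at site B
        ok = reaches_via(parse_routes(SAMPLE), dest, "10.99.0.20")
        print(dest, "uses the VPN" if ok else "does NOT use the VPN")
```

In the constructed sample the site B address falls through to the home router's default route, which is the condition described earlier in the thread; the same functions can be run over the route print from the domain B machine to check the return path.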
ASKER CERTIFIED SOLUTION
McNetic

tlowe2 (ASKER)

Updated File with route prints for the VPN Client and destination client on Domain B...
Copy-of-RemoteDesktop-1-.xls