Solved

changed IP and name of terminal server, now no one can access it!

Posted on 2011-09-28
Last Modified: 2012-05-12
I'm doing a restructure of our internal network and I changed the static IP of our terminal server (which is not on a domain) to near the end of the range rather than the middle.
I also changed the name of it from "new-tserver" (because it is far from new now) to "rdp-server".
I've done a number of restarts, but no one can access it (using the normal RDC in Windows) from OUTSIDE our office. We can access it internally by typing in 192.168.1.253, but if someone is outside the office, they'd normally type our DSL's external IP... this isn't working now.
Question by:Reece Dodds
 
LVL 1

Expert Comment

by:archmuk
ID: 36812722
I understand that if someone has to access this server from outside the office, he has to come through the firewall (or gateway security as implemented). Since you have changed both IP & name, you need to make the rules accordingly at the firewall for access from outside; only then can the DSL / router / firewall redirect the request to the terminal server at the new IP.
Regards
Archmuk
0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36812739
I did that.
We have a Juniper NetScreen-25 firewall and the RDP (TCP 3389) service was already there.
The policy was already there too, all I did was change the destination address.

I don't know what is going on...
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 36812773
What are you using as a dest address (ip or name)?
0

 
LVL 7

Author Comment

by:Reece Dodds
ID: 36812781
I've tried the new IP and the private IP range (192.168.1.0/24) and the option "ANY".

Is there something on the terminal server that needs to be modified?
(but don't forget we can access it with RDC using the local IP)
0
 
LVL 1

Assisted Solution

by:archmuk
archmuk earned 100 total points
ID: 36812843
Have you NATed the internal IP also? Can you check the firewall log to see what is blocking the request?
 
0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36812979
I've NATed it now, and turned on logging...
I had someone outside our office try again and they can't connect.
The log shows:

2011-09-29 16:19:54      
DESTINATION= 165.228.xxx.yyy:3389      
SOURCE= 165.228.xxx.yyy:3482      
TRANSLATED DESTINATION= 192.168.1.204:3389         
SERVICE= TCP PORT 3389      
DURATION= 21 sec.      
BYTES SENT= 132      
BYTES RECEIVED= 0

The translated destination it shows is the old local IP.  The new one is .253
0
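An added example, not part of the original thread: a small Python check that reads entries in the layout of the log posted above and reports any RDP session the firewall forwarded to an address other than the intended server, which is how the stale mapping showed up here. The second log entry and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the log entry posted above (public IP masked the same way).
SAMPLE_LOG = """\
2011-09-29 16:19:54
DESTINATION= 165.228.xxx.yyy:3389
SOURCE= 165.228.xxx.yyy:3482
TRANSLATED DESTINATION= 192.168.1.204:3389
SERVICE= TCP PORT 3389
DURATION= 21 sec.
BYTES SENT= 132
BYTES RECEIVED= 0
2011-09-29 16:25:10
DESTINATION= 165.228.xxx.yyy:3389
SOURCE= 165.228.xxx.yyy:3511
TRANSLATED DESTINATION= 192.168.1.253:3389
SERVICE= TCP PORT 3389
DURATION= 340 sec.
BYTES SENT= 48210
BYTES RECEIVED= 173355
"""
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$")
FIELD = re.compile(r"^([A-Z ]+)=\s*(.*)$")

def parse_entries(text):
    """Split the log into one dict per timestamped entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if TIMESTAMP.match(line):
            entries.append({"TIME": line})
        elif entries and (m := FIELD.match(line)):
            entries[-1][m.group(1).strip()] = m.group(2).strip()
    return entries

def audit(entries, expected_host, port=3389):
    """Return (time, problem) for sessions sent to the wrong host or left unanswered."""
    findings = []
    for e in entries:
        host, _, dport = e.get("TRANSLATED DESTINATION", "").rpartition(":")
        if dport != str(port):
            continue  # not the forwarded service under review
        if host != expected_host:
            findings.append((e["TIME"], f"stale mapping: forwarded to {host}, expected {expected_host}"))
        elif int(e.get("BYTES RECEIVED", "0")) == 0:
            findings.append((e["TIME"], "forwarded to the right host, but it never answered"))
    return findings

if __name__ == "__main__":
    print(audit(parse_entries(SAMPLE_LOG), "192.168.1.253"))
```

A "stale mapping" finding points at the firewall's address translation; a correctly forwarded session with zero bytes received points at the server itself.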
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36813106
I think I found where the problem is...
In the firewall, under interfaces, I can see the "ethernet3" interface, which connects to the DSL modem.
Its public IP is assigned by the ISP, which I can't change, but if I look at the MIP page (there is Basic, MIP, DIP, VIP, Track IP and Track IP Options), I can see a MIP existing that has our public IP as the Mapped IP and the terminal server's old private IP as the Host IP. It says that it's "In Use".
There is no option to delete or edit this, but I can create a new one.
If I do this and set it up the way I think it should go, then click OK, I get an error that says "One IP in range [165.228.xxx.yyy-165.228.xxx.yyy] is in use!! Mip: can't be added"
0
 
LVL 1

Expert Comment

by:archmuk
ID: 36813496
Is the server mapped IP the same as the DSL modem public IP provided by the ISP?
I can suggest a workaround: as you have not changed the subnet, why do you not configure an additional IP, which is the old IP, on the server network adapter in use? (Through the Advanced tab in the TCP/IP properties.)
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 36814193
Can you reboot the router?
0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36818770
OK, the issue is definitely in the Juniper firewall.
I changed the IP back to 192.168.1.204 and rebooted and external staff can access it fine.

I really do want to move this server to an end-range IP, so I somehow need to change/delete this MIP in the firewall.
Any ideas how I can do this?
0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36818772
@archmuk: Yes, the mapped IP is the same as the public IP the DSL modem gets given by the ISP...
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 36818791
Did you try rebooting the router?
0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36818841
Yes, I have rebooted the Juniper firewall and the D-Link DSL modem... twice.
Once with the RDP server's IP set as 1.204 and once with it set as 1.253.

I can see how to create a MIP, but how do I delete or modify an existing one? I assume it has something to do with it being "in use", but how can I even change that status?
0
 
LVL 23

Accepted Solution

by:
yo_bee earned 400 total points
ID: 36819027
Have you read this KB article?
http://kb.juniper.net/InfoCenter/index?page=content&id=KB6659&cat=NS_5XP&actp=LIST

Looks like you need to remove the policy first then you can modify or delete the MIP.
0
 
LVL 7

Author Closing Comment

by:Reece Dodds
ID: 36819076
Looking at the logs helped me find that it was being forwarded via a MIP, not using NAT.
0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36819079
Thanks, guys.
0

Question has a verified solution.
