• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3394
  • Last Modified:

Juniper Networks SSG-5 Port Forwarding (RDP)

Can someone please help me port forward RDP on my Juniper SSG-5-Serial. I am not familiar with the cmd line so can you direct me how to do it through the netscreen. I have tried everything I could find on this site with no success.
0
bush32
Asked:
bush32
  • 5
  • 5
  • 2
2 Solutions
 
cdfsCommented:
Use the Web-UI, the steps are described in http://kb.juniper.net/InfoCenter/index?page=content&id=KB4740
0
 
bush32Author Commented:
I found this link online as well I did all the steps exactly as outlined and it still does not work.
0
 
mindwiseCommented:
perhaps your netscreen has a private address (192.168, or 10.xxx or 172.16/32.x.x , then you also need to configure port forwarding on your internet router...

We'll need a bit more info to be able to help you....  can you post the config (relevant parts, i.e the vip and the policy ?)

ty
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
bush32Author Commented:
Here are the relevant screen shots. If you need anything more don't hesitate to ask.
ssg-5-1.JPG
ssg-5-2.JPG
ssg-5-3.JPG
ssg-5-4.JPG
ssg-5-5.JPG
0
 
cdfsCommented:
Judging from the screenshots, there could be two possible problems here. The first one is your policy. You are allowing traffic from any to the real IP of your server. Refering to the KB-article I posted you should allow traffic to the VIP. Second possible problem is your interface setting. You seem to to get your external IP by DHCP over PPPoE. Are you sure, that the 69.7.3.6 is in the same subnet and usable as your external IP bound to eth0/0? Also keep in mind, the VIP has to be a different IP than the one bound to the interface.
0
 
mindwiseCommented:
Hi Bush,

I've not had a chance to look at the screenshots yet, however it seems cdfs's did and found a potential error (the destination of the policy needs to be the vip).

since you're running an ssg5, you should be able to set the vip as "same as interface" (or something like that"  so the
Also keep in mind, the VIP has to be a different IP than the one bound to the interface.
 doesn't really apply (that applies to the "bigger boxes" :)

keep us posted of the progress :)

/M
0
 
mindwiseCommented:
Hi Bush, i took a look at the pictures and please change the following:


picture 3, rdp:
Change the transport protocol to tcp, and the source port range to 1-65535

picture 4, rule:
Change the destination address "any" to the VIP you have created.

picture 5 policy:
remove rule ID 2 (any any any).

that should do it, you might want to turn on logging on the policy id 3 so you can verify traffic is hitting that rule.

Kr,
0
 
bush32Author Commented:
I have tried all your suggestions. Still no progress. I am going to try and get some certified support.
0
 
mindwiseCommented:
sure dude, take care.
0
 
bush32Author Commented:
I managed to get it working with the help of Juniper Tech Support, it was surprisingly easy to setup an account with them and get free support, I am attaching a picture of the single change that was required to make it function.
SSG-Working.jpg
0
 
mindwiseCommented:
Good, happy it's working now :)

Have a great weekend.
0
 
bush32Author Commented:
I was directing it to the incorrect VIP
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 5
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now