Juniper Networks SSG-5 Port Forwarding (RDP)

Can someone please help me port forward RDP on my Juniper SSG-5-Serial? I am not familiar with the cmd line, so can you direct me how to do it through the NetScreen? I have tried everything I could find on this site with no success.
bush32 Asked:

cdfs Commented:
Use the Web-UI, the steps are described in http://kb.juniper.net/InfoCenter/index?page=content&id=KB4740
0
bush32 (Author) Commented:
I found this link online as well. I did all the steps exactly as outlined and it still does not work.
0
mindwise Commented:
Perhaps your NetScreen has a private address (192.168, or 10.xxx or 172.16/32.x.x); then you also need to configure port forwarding on your internet router...

We'll need a bit more info to be able to help you... Can you post the config (relevant parts, i.e. the VIP and the policy)?

ty
0

bush32 (Author) Commented:
Here are the relevant screen shots. If you need anything more don't hesitate to ask.
ssg-5-1.JPG
ssg-5-2.JPG
ssg-5-3.JPG
ssg-5-4.JPG
ssg-5-5.JPG
0
cdfs Commented:
Judging from the screenshots, there could be two possible problems here. The first one is your policy. You are allowing traffic from any to the real IP of your server. Referring to the KB article I posted, you should allow traffic to the VIP. The second possible problem is your interface setting. You seem to get your external IP by DHCP over PPPoE. Are you sure that the 69.7.3.6 is in the same subnet and usable as your external IP bound to eth0/0? Also keep in mind, the VIP has to be a different IP than the one bound to the interface.
0
mindwise Commented:
Hi Bush,

I've not had a chance to look at the screenshots yet, however it seems cdfs did and found a potential error (the destination of the policy needs to be the VIP).

Since you're running an SSG5, you should be able to set the VIP as "same as interface" (or something like that), so the "Also keep in mind, the VIP has to be a different IP than the one bound to the interface." doesn't really apply (that applies to the "bigger boxes") :)

keep us posted of the progress :)

/M
0
mindwise Commented:
Hi Bush, I took a look at the pictures and please change the following:


picture 3, rdp:
Change the transport protocol to tcp, and the source port range to 1-65535

picture 4, rule:
Change the destination address "any" to the VIP you have created.

picture 5 policy:
remove rule ID 2 (any any any).

That should do it; you might want to turn on logging on the policy ID 3 so you can verify traffic is hitting that rule.

Kr,
0

bush32 (Author) Commented:
I have tried all your suggestions. Still no progress. I am going to try and get some certified support.
0
mindwise Commented:
sure dude, take care.
0
bush32 (Author) Commented:
I managed to get it working with the help of Juniper Tech Support. It was surprisingly easy to set up an account with them and get free support. I am attaching a picture of the single change that was required to make it function.
SSG-Working.jpg
0
mindwise Commented:
Good, happy it's working now :)

Have a great weekend.
0
bush32 (Author) Commented:
I was directing it to the incorrect VIP.
0
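An added example, not part of the thread and not Juniper's code: the checks suggested in the replies above (policy destination must be the VIP, no any/any/any rule, logging on the VIP rule) plus the final cause reported by the author (policy pointing at the wrong VIP), run over a saved config. The config lines are constructed in ScreenOS style; the exact syntax, the `VIP(...)` address naming, and all addresses and IDs are assumptions.

```python
import shlex

# Constructed sample in the style of ScreenOS "get config" output.
# The syntax and all addresses/IDs are assumptions made for illustration.
SAMPLE_CONFIG = '''
set interface ethernet0/0 vip interface-ip 3389 "RDP" 192.168.1.10
set policy id 2 from "Untrust" to "Trust" "Any" "Any" "ANY" permit
set policy id 3 from "Untrust" to "Trust" "Any" "192.168.1.10/32" "RDP" permit
set policy id 4 from "Untrust" to "Trust" "Any" "VIP(203.0.113.9)" "RDP" permit
'''

def lint(config):
    """Return (policy_id, finding) pairs for inbound permit rules."""
    rows = [shlex.split(line) for line in config.splitlines() if line.strip()]
    vips, vip_services = set(), set()
    for t in rows:
        # set interface <if> vip <ip|interface-ip> <port> <service> <real-ip>
        if len(t) >= 8 and t[:2] == ["set", "interface"] and t[3] == "vip":
            # Assumed naming: VIP(<if>) for "same as interface", else VIP(<ip>).
            vips.add(f"VIP({t[2] if t[4] == 'interface-ip' else t[4]})")
            vip_services.add(t[6].lower())
    findings = []
    for t in rows:
        # set policy id <n> from <zone> to <zone> <src> <dst> <service> <action> [log]
        if len(t) < 12 or t[:3] != ["set", "policy", "id"] or t[11] != "permit":
            continue
        if t[5].lower() != "untrust":
            continue
        pid, src, dst, svc = int(t[3]), t[8].lower(), t[9], t[10].lower()
        if src == dst.lower() == svc == "any":
            findings.append((pid, "any/any/any permit"))
        elif dst.startswith("VIP("):
            if dst not in vips:
                findings.append((pid, "destination VIP is not defined"))
            elif "log" not in t[12:]:
                findings.append((pid, "logging is off"))
        elif svc in vip_services:
            findings.append((pid, "destination is not the VIP"))
    return findings

if __name__ == "__main__":
    for pid, finding in lint(SAMPLE_CONFIG):
        print(f"policy {pid}: {finding}")
```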