Solved

Juniper Networks SSG-5 Port Forwarding (RDP)

Posted on 2012-03-28
12
3,189 Views
Last Modified: 2012-06-27
Can someone please help me port forward RDP on my Juniper SSG-5-Serial. I am not familiar with the cmd line so can you direct me how to do it through the netscreen. I have tried everything I could find on this site with no success.
0
Comment
Question by:bush32
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
12 Comments
 
LVL 5

Expert Comment

by:cdfs
ID: 37780407
Use the Web-UI, the steps are described in http://kb.juniper.net/InfoCenter/index?page=content&id=KB4740
0
 

Author Comment

by:bush32
ID: 37781608
I found this link online as well I did all the steps exactly as outlined and it still does not work.
0
 
LVL 5

Expert Comment

by:mindwise
ID: 37784566
perhaps your netscreen has a private address (192.168, or 10.xxx or 172.16/32.x.x , then you also need to configure port forwarding on your internet router...

We'll need a bit more info to be able to help you....  can you post the config (relevant parts, i.e the vip and the policy ?)

ty
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 

Author Comment

by:bush32
ID: 37785263
Here are the relevant screen shots. If you need anything more don't hesitate to ask.
ssg-5-1.JPG
ssg-5-2.JPG
ssg-5-3.JPG
ssg-5-4.JPG
ssg-5-5.JPG
0
 
LVL 5

Expert Comment

by:cdfs
ID: 37785781
Judging from the screenshots, there could be two possible problems here. The first one is your policy. You are allowing traffic from any to the real IP of your server. Refering to the KB-article I posted you should allow traffic to the VIP. Second possible problem is your interface setting. You seem to to get your external IP by DHCP over PPPoE. Are you sure, that the 69.7.3.6 is in the same subnet and usable as your external IP bound to eth0/0? Also keep in mind, the VIP has to be a different IP than the one bound to the interface.
0
 
LVL 5

Expert Comment

by:mindwise
ID: 37785787
Hi Bush,

I've not had a chance to look at the screenshots yet, however it seems cdfs's did and found a potential error (the destination of the policy needs to be the vip).

since you're running an ssg5, you should be able to set the vip as "same as interface" (or something like that"  so the
Also keep in mind, the VIP has to be a different IP than the one bound to the interface.
 doesn't really apply (that applies to the "bigger boxes" :)

keep us posted of the progress :)

/M
0
 
LVL 5

Accepted Solution

by:
mindwise earned 500 total points
ID: 37790935
Hi Bush, i took a look at the pictures and please change the following:


picture 3, rdp:
Change the transport protocol to tcp, and the source port range to 1-65535

picture 4, rule:
Change the destination address "any" to the VIP you have created.

picture 5 policy:
remove rule ID 2 (any any any).

that should do it, you might want to turn on logging on the policy id 3 so you can verify traffic is hitting that rule.

Kr,
0
 

Author Comment

by:bush32
ID: 37802246
I have tried all your suggestions. Still no progress. I am going to try and get some certified support.
0
 
LVL 5

Expert Comment

by:mindwise
ID: 37803225
sure dude, take care.
0
 

Assisted Solution

by:bush32
bush32 earned 0 total points
ID: 37809264
I managed to get it working with the help of Juniper Tech Support, it was surprisingly easy to setup an account with them and get free support, I am attaching a picture of the single change that was required to make it function.
SSG-Working.jpg
0
 
LVL 5

Expert Comment

by:mindwise
ID: 37811378
Good, happy it's working now :)

Have a great weekend.
0
 

Author Closing Comment

by:bush32
ID: 37822799
I was directing it to the incorrect VIP
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Telepresence on backup 3 57
SonicWall Max Connection Setting 7 40
Port Forwarding 4 52
VPN Server config in Modem 5 68
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question