Juniper Networks SSG-5 Port Forwarding (RDP)

Can someone please help me port forward RDP on my Juniper SSG-5-Serial? I am not familiar with the cmd line, so can you direct me how to do it through the netscreen? I have tried everything I could find on this site with no success.
bush32 Asked:

cdfs Commented:
Use the Web-UI, the steps are described in http://kb.juniper.net/InfoCenter/index?page=content&id=KB4740
bush32 Author Commented:
I found this link online as well. I did all the steps exactly as outlined and it still does not work.
mindwise Commented:
Perhaps your netscreen has a private address (192.168, or 10.xxx or 172.16/32.x.x); then you also need to configure port forwarding on your internet router...

We'll need a bit more info to be able to help you.... Can you post the config (relevant parts, i.e. the vip and the policy)?

ty
bush32 Author Commented:
Here are the relevant screen shots. If you need anything more don't hesitate to ask.
ssg-5-1.JPG
ssg-5-2.JPG
ssg-5-3.JPG
ssg-5-4.JPG
ssg-5-5.JPG
cdfs Commented:
Judging from the screenshots, there could be two possible problems here. The first one is your policy. You are allowing traffic from any to the real IP of your server. Referring to the KB-article I posted, you should allow traffic to the VIP. Second possible problem is your interface setting. You seem to get your external IP by DHCP over PPPoE. Are you sure that the 69.7.3.6 is in the same subnet and usable as your external IP bound to eth0/0? Also keep in mind, the VIP has to be a different IP than the one bound to the interface.
mindwise Commented:
Hi Bush,

I've not had a chance to look at the screenshots yet, however it seems cdfs did and found a potential error (the destination of the policy needs to be the vip).

Since you're running an ssg5, you should be able to set the vip as "same as interface" (or something like that), so the "Also keep in mind, the VIP has to be a different IP than the one bound to the interface." doesn't really apply (that applies to the "bigger boxes" :)

Keep us posted on the progress :)

/M
mindwise Commented:
Hi Bush, I took a look at the pictures and please change the following:


picture 3, rdp:
Change the transport protocol to tcp, and the source port range to 1-65535

picture 4, rule:
Change the destination address "any" to the VIP you have created.

picture 5 policy:
remove rule ID 2 (any any any).

That should do it. You might want to turn on logging on the policy id 3 so you can verify traffic is hitting that rule.

Kr,
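
The three changes listed in the answer above can be checked against a saved configuration. This is an added example, not part of the original thread or Juniper's tooling; the `set service` / `set policy` line layout and the `VIP(...)` object naming are assumed from ScreenOS `get config` output, and both sample configs are constructed.

```python
import shlex

# Constructed samples; line layout assumed from ScreenOS "get config" output.
BROKEN_CONFIG = '''
set service "RDP" protocol udp src-port 0-65535 dst-port 3389-3389
set policy id 2 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit
set policy id 3 from "Untrust" to "Trust"  "Any" "Any" "RDP" permit
'''
FIXED_CONFIG = '''
set service "RDP" protocol tcp src-port 1-65535 dst-port 3389-3389
set policy id 3 from "Untrust" to "Trust"  "Any" "VIP(ethernet0/0)" "RDP" permit log
'''


def audit(config, service="RDP"):
    """Return (code, detail) findings for inbound forwarding of `service`."""
    findings = []
    for line in config.splitlines():
        tok = shlex.split(line)  # shlex keeps quoted object names as one token
        if tok[:2] == ["set", "service"] and len(tok) >= 5 and tok[2] == service:
            # Picture 3: the RDP service must be defined over TCP.
            if tok[3] == "protocol" and tok[4].lower() != "tcp":
                findings.append(("SERVICE_NOT_TCP", f"{service} is {tok[4]}"))
        elif tok[:3] == ["set", "policy", "id"] and len(tok) >= 12:
            pid, src_zone, dst_zone = tok[3], tok[5], tok[7]
            src, dst, svc, action = tok[8:12]
            if (src_zone, dst_zone, action) != ("Untrust", "Trust", "permit"):
                continue  # only inbound permit rules matter here
            if src == dst == "Any" and svc.upper() == "ANY":
                # Picture 5: the any/any/any permit the answer says to remove.
                findings.append(("ANY_ANY_ANY", f"policy {pid}"))
            elif svc == service and not dst.startswith("VIP("):
                # Picture 4: the destination must be the VIP object.
                findings.append(("DST_NOT_VIP", f"policy {pid} -> {dst}"))
            elif svc == service and "log" not in tok[12:]:
                # Logging lets you confirm traffic is hitting the rule.
                findings.append(("NO_LOG", f"policy {pid}"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```
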

bush32 Author Commented:
I have tried all your suggestions. Still no progress. I am going to try and get some certified support.
mindwise Commented:
Sure dude, take care.
bush32 Author Commented:
I managed to get it working with the help of Juniper Tech Support. It was surprisingly easy to set up an account with them and get free support. I am attaching a picture of the single change that was required to make it function.
SSG-Working.jpg
mindwise Commented:
Good, happy it's working now :)

Have a great weekend.
bush32 Author Commented:
I was directing it to the incorrect VIP.