Solved

Juniper Networks SSG-5 Port Forwarding (RDP)

Posted on 2012-03-28
Last Modified: 2012-06-27
Can someone please help me port forward RDP on my Juniper SSG-5-Serial? I am not familiar with the cmd line, so can you direct me how to do it through the netscreen? I have tried everything I could find on this site with no success.
0
Question by:bush32
 
LVL 5

Expert Comment

by:cdfs
Use the Web-UI; the steps are described in http://kb.juniper.net/InfoCenter/index?page=content&id=KB4740
0
 

Author Comment

by:bush32
I found this link online as well. I did all the steps exactly as outlined and it still does not work.
0
 
LVL 5

Expert Comment

by:mindwise
Perhaps your netscreen has a private address (192.168, or 10.xxx or 172.16/32.x.x); then you also need to configure port forwarding on your internet router...

We'll need a bit more info to be able to help you... Can you post the config (relevant parts, i.e. the VIP and the policy)?

ty
0
 

Author Comment

by:bush32
Here are the relevant screen shots. If you need anything more don't hesitate to ask.
ssg-5-1.JPG
ssg-5-2.JPG
ssg-5-3.JPG
ssg-5-4.JPG
ssg-5-5.JPG
0
 
LVL 5

Expert Comment

by:cdfs
Judging from the screenshots, there could be two possible problems here. The first one is your policy. You are allowing traffic from any to the real IP of your server. Referring to the KB article I posted, you should allow traffic to the VIP. The second possible problem is your interface setting. You seem to get your external IP by DHCP over PPPoE. Are you sure that the 69.7.3.6 is in the same subnet and usable as your external IP bound to eth0/0? Also keep in mind, the VIP has to be a different IP than the one bound to the interface.
0
 
LVL 5

Expert Comment

by:mindwise
Hi Bush,

I've not had a chance to look at the screenshots yet, however it seems cdfs did and found a potential error (the destination of the policy needs to be the VIP).

Since you're running an SSG5, you should be able to set the VIP as "same as interface" (or something like that), so the "Also keep in mind, the VIP has to be a different IP than the one bound to the interface." doesn't really apply (that applies to the "bigger boxes" :)

keep us posted of the progress :)

/M
0
 
LVL 5

Accepted Solution

by:
mindwise earned 500 total points
Hi Bush, I took a look at the pictures; please change the following:

Picture 3, RDP:
Change the transport protocol to TCP, and the source port range to 1-65535.

Picture 4, rule:
Change the destination address "any" to the VIP you have created.

Picture 5, policy:
Remove rule ID 2 (any any any).

That should do it. You might want to turn on logging on policy ID 3 so you can verify traffic is hitting that rule.

Kr,
0
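An added example, not part of the original thread: a small Python check that applies the accepted answer's points (TCP transport and a wide source-port range on the service, the VIP as policy destination, no any/any/any permit rule, logging on the forwarding policy) to a ScreenOS-style configuration dump. The sample configuration is constructed; the zone names, server address and `VIP(...)` object naming are assumptions to compare against the device's own configuration output.

```python
import re

# Constructed ScreenOS-style excerpt (not from the thread). Zone names, the
# server address and the "VIP(...)" object naming are assumptions.
SAMPLE_CONFIG = """\
set service "RDP" protocol udp src-port 3389-3389 dst-port 3389-3389
set interface ethernet0/0 vip interface-ip 3389 "RDP" 192.168.1.10
set policy id 2 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit
set policy id 3 from "Untrust" to "Trust"  "Any" "Any" "RDP" permit
"""

SERVICE_RE = re.compile(
    r'^set service "(?P<name>[^"]+)" protocol (?P<proto>\S+)\s+'
    r'src-port (?P<lo>\d+)-(?P<hi>\d+)\s+dst-port \d+-\d+')
POLICY_RE = re.compile(
    r'^set policy id (?P<id>\d+) from "(?P<fz>[^"]+)" to "[^"]+"\s+'
    r'"(?P<src>[^"]+)"\s+"(?P<dst>[^"]+)"\s+"(?P<svc>[^"]+)"\s+'
    r'(?P<action>permit|deny)(?P<rest>.*)$')


def audit(config, service="RDP", wan_zone="Untrust"):
    """Return findings for the forwarding service and inbound policies."""
    findings = []
    for line in map(str.strip, config.splitlines()):
        s = SERVICE_RE.match(line)
        if s and s["name"] == service:
            if s["proto"] != "tcp":
                findings.append(f"service {service}: protocol {s['proto']}, not tcp")
            # Clients connect from ephemeral ports, so the source range must be wide.
            if int(s["lo"]) > 1024 or int(s["hi"]) < 65535:
                findings.append(f"service {service}: source ports {s['lo']}-{s['hi']} too narrow")
        p = POLICY_RE.match(line)
        if not p or p["fz"] != wan_zone or p["action"] != "permit":
            continue
        if all(p[k].lower() == "any" for k in ("src", "dst", "svc")):
            findings.append(f"policy {p['id']}: any/any/any permit from {wan_zone}")
        elif p["svc"] == service:
            if not p["dst"].startswith("VIP("):
                findings.append(f"policy {p['id']}: destination {p['dst']} is not the VIP")
            if "log" not in p["rest"].split():
                findings.append(f"policy {p['id']}: logging disabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```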
 

Author Comment

by:bush32
I have tried all your suggestions. Still no progress. I am going to try and get some certified support.
0
 
LVL 5

Expert Comment

by:mindwise
sure dude, take care.
0
 

Assisted Solution

by:bush32
bush32 earned 0 total points
I managed to get it working with the help of Juniper Tech Support. It was surprisingly easy to set up an account with them and get free support. I am attaching a picture of the single change that was required to make it function.
SSG-Working.jpg
0
 
LVL 5

Expert Comment

by:mindwise
Good, happy it's working now :)

Have a great weekend.
0
 

Author Closing Comment

by:bush32
I was directing it to the incorrect VIP.
0
