• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 570
  • Last Modified:

Remote Desktop With Cisco RVS4000 V2 Router

I want to use remote desktop to access our server so I can remotely manage some accounts and activities. We are using a Cisco RVS4000 V2 Router and I don't see where I can set up the port forwarding. Is there something else I need to do with this router to enable Remote Desktop? The server is running Windows Server 2008 R2.

Thank you!

Robert
0
Robert Ehinger
Asked:
Robert Ehinger
  • 31
  • 30
1 Solution
 
MikeIT ManagerCommented:
Go to Firewall, Port Fowarding is under that.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Follow this advice I gave to another user, and you'll be fine:

http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_27798379.html
0
 
Robert EhingerIT specialistAuthor Commented:
Shadowless127 - is that the firewall on the server or the remote computer or both?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Robert EhingerIT specialistAuthor Commented:
xBouchardx - is ASDM already part of the router configuration or will I need to install it?
0
 
Brad BouchardInformation Systems Security OfficerCommented:
You will need to install it, it's basically the GUI.  You can navigate to the IP of the Cisco through a web browswer and should be able to get it.
0
 
Robert EhingerIT specialistAuthor Commented:
OK, I see the port forwarding under the firewall. Do I use Single Port Forwarding or Port Range Forwarding? I am attaching a screen shot from the Single Port Forwarding. The IP address is that of the server that I want remote access to. I hope that is correct. I have tried the address of the server, the IP address of the router and the server's public IP but I cannot connect remotely with any of them. Is the port # correct? What about the Application? Should I check the enable box? I have tried it both ways.
Port-Forwarding.jpg
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Use Single Port Forwarding

Use both TCP and UDP

Check the box that says Enabled next to it

It will work then...
0
 
Robert EhingerIT specialistAuthor Commented:
My choices are TCP or UDP. I cannot select both on the same line. If I try to add the UDP port when I try to save it I get the error message ""Policy 13 and 14 are the same." No matter which one I enable or disable I cannot connect. I was able to do this with no problem using a Cisco WRT120N wireless router but ever since we changed to this  Cisco RVS4000 V2 Router I have been unable to successfully connect remotely. What am I missing here?

Thanks!
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Use TCP then, and forward 3389 to the internal IP of the server you want to connect to.  Make sure it's enabled, then you need to allow remote desktop traffic IN to your Cisco.  I have a feeling it isn't open.  Look for access rules, or access policies or something like that.

If you'd like I can remotely connect and help you out.
0
 
Robert EhingerIT specialistAuthor Commented:
If you are there right now then lets try connecting.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Sorry, I wasn't available.  Let's try tonight around 8:30-9 p.m.  I am on Mountain Standard Time (-7)
0
 
Robert EhingerIT specialistAuthor Commented:
I will be out of town then. Where should I be looking for the Access rules etc. I will be there first thing in the morning to take a look.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Check IP Based ACL, and Internet Access Policy (the two options above Single Port Forwarding)

Let me know.
0
 
Robert EhingerIT specialistAuthor Commented:
Here are screen shots of the current settings for these entries.
ACL.jpg
Internet-Access-Policy.jpg
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Again, make sure that your single port forwarding rule is enabled, which I'm sure you said it was in an earlier post, then do one other thing that I may have overlooked.  Right click My Computer on the server > Properties > Remote

Make sure that allow connections from computers running any version of Remote Desktop is checked.  See attached screenshot for reference.

allowremoteconnections
If that's checked then let me know and we'll go back over your settings, perhaps remotely with us both connected if we can coordinate it.  If that's not check, or any other option but that is checked, check it and try it and it should work.  Also, make sure that your user account is allowed to remote to that computer.
0
 
Robert EhingerIT specialistAuthor Commented:
OK, initially "Allow Remote Assistance connections to this computer" was greyed out so I installed that Windows feature and then checked the box. My screen looks like your now but still no remote access.
0
 
Robert EhingerIT specialistAuthor Commented:
Also, I am using the Administrator account which is supposed to be allowed by default.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Remote Assistance isn't needed and is a different feature altogether.  If the bottom half of yours looks like mine now where you have checked "Allow remote connections from computers running any version of Remote Desktop" then we're good.

So you're basically going to Remote Desktop and typing in your public IP and it won't connect?  Can you please provide me your public IP?
0
 
Robert EhingerIT specialistAuthor Commented:
Your IP Address Is:
67.162.88.238
No Proxy Detected
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Try using port range forwarding instead of single port forwarding, but for the range only use 3389.  Send me a screenshot of the settings when you're done.
0
 
Robert EhingerIT specialistAuthor Commented:
Here it is -
Port-Range.jpg
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Check the checkbox next to enable.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Want to do a remote session?  Join.me, or TeamViewer?  Something else...?
0
 
Robert EhingerIT specialistAuthor Commented:
The reason I am trying to get RDP to work is because Teamviewer does not load on Server 2008. That is what I used on Server 2003. I will put a mark in the checkbox and see what happens.
0
 
Robert EhingerIT specialistAuthor Commented:
I checked the box and saved but I still cannot remotely connect. For what its worth, I can ping the IP address.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Does the IP address resolve to a name?  And, does it give a response back in ping or just destination host unreachable?
0
 
Robert EhingerIT specialistAuthor Commented:
I get a response when I ping the server.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Turn Windows Firewall completely off for all connections on the server.  Then try it.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Robert,

I'm still here and helping you by the way.  What did turning off Windows Firewall do for you?  Let me know so we can keep troubleshooting.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Any updates?
0
 
Robert EhingerIT specialistAuthor Commented:
I will turn off the firewall tomorrow and let you know.
0
 
Robert EhingerIT specialistAuthor Commented:
Firewall was already turned off.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Sorry for the delayed response.  Firewall turned off for all connections both incoming/outgoing?

And just so I'm clear, you have enabled (by checking the check box next to each) both rules you created under single and port range forwarding?

This sounds dumb as well, but try on your ACL creating a rule that allows Remote Desktop (3389) through to the LAN for your Server instead of having all services open for all interfaces.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
One more thing Robert.  After you do my last suggestion (above) then go to this website:

http://canyouseeme.org/

Put in port 3389 and click the "Check Your Port" button

Let me know the results, preferable a screenshot.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
This sounds dumb as well, but try on your ACL creating a rule that allows Remote Desktop (3389) through to the LAN for your Server instead of having all services open for all interfaces.

Let me also clarify even further to not delete the two ACLs there already, just add this in addition to them.
0
 
Robert EhingerIT specialistAuthor Commented:
I will be back at the school Friday evening and I will try these suggestions and provide feedback. Thank you!
0
 
Robert EhingerIT specialistAuthor Commented:
The error when checking the port is - Error: I could not see your service on 67.162.88.238 on port (3389)
Reason: Connection timed out

In the ACL list I do not see RDP or remote desktop
0
 
Brad BouchardInformation Systems Security OfficerCommented:
That is the problem then, you have not allowed Remote Desktop through your firewall to your LAN and it is still blocking it.  You need to add that rule that allows it.  If you don't see RDP or remote desktop, just use port 3389 and give it your own name if you need to.  Computers by default know that 3389 is RDP.
0
 
Robert EhingerIT specialistAuthor Commented:
I am completely confused now. I am sending screen shots of what I see under the firewall settings that we have been discussing.
Basic-Settings.jpg
Edit-IP-Based-ACL.jpg
Edit-List-of-PCs.jpg
Internet-Access-Policy.jpg
IP-Based-ACL.jpg
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Try adding a new rule under IP Based ACL and use these settings

3     Checkmark      Allow    RDP/Terminal Services     WAN      Any    IPOFYOURSERVER  Any Any
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Any luck Robert?
0
 
Robert EhingerIT specialistAuthor Commented:
Still no luck.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
What is the subnet of your public IP?  I can further investigate.
0
 
Robert EhingerIT specialistAuthor Commented:
.6 it changes periodically.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
No, I mean the Subnet Mask of 67.162.88.238

It should look like
67.162.88.238 <-- 1 of your IPs
255.255.255.248 <-- Subnet
67.162.88.xxx < -- Gateway
0
 
Robert EhingerIT specialistAuthor Commented:
255.255.255.0

All IPs are in the 192.168.0.xxx  range.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
But the subnet of your public IP, meaning, what is the subnet associated with the 67.162.88.238 address from your ISP?
0
 
Robert EhingerIT specialistAuthor Commented:
OK, I am not exactly sure where to find that. I went to Status and Gateway on the router and this is what I found -

Connection type is DHCP
IP Address is 10.1.x.xx
Subnet Mask is 255.255.255.0
0
 
Brad BouchardInformation Systems Security OfficerCommented:
You will have to call your ISP and ask them.  When you do, ask them for your IP range block, your subnet, and your gateway.
0
 
Robert EhingerIT specialistAuthor Commented:
When I called Comcast they told me that I can set the address range of the modem where I want it in the 10.0.x.xxx range.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Let me know when you want to do a remote session and we can.  That way I can better help you as I think you're a little confused.
0
 
Robert EhingerIT specialistAuthor Commented:
OK. When are you usually available? And we have to work around school hours.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
I can work late at night if you want which would be off of school hours.  I'm located in Montana so the current time is 4:32 p.m.  We could do something tomorrow night around 9 p.m. or so.
0
 
Robert EhingerIT specialistAuthor Commented:
I will need to see when I can get there of an evening. What is your availability this next week - including possibly Saturday morning?
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Saturday morning would have to be early, like 8:30 a.m. Mountain Standard Time (Montana).
0
 
Robert EhingerIT specialistAuthor Commented:
Sorry, I got tied up with family stuff and this weekend won't work either. How about Saturday morning Dec 1?
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Make sure that if you have any other rules that this rule is listed above any of those other ones.  That is the one last big obvious thing I forgot.  By this I mean, make sure that this rule is listed above any other as it will take precedence that way.
0
 
Robert EhingerIT specialistAuthor Commented:
Not sure what rule you are referring to but I will be at the school this coming Saturday morning if you still want to take a look at this.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
Long time no see.  Haha.  Anyway, I'm available again, we should try to do a remote connection and get this thing solved.  Let me know.
0
 
Robert EhingerIT specialistAuthor Commented:
I was away for awhile and just rejoined EE. I will get back to this soon and provide feedback.
0
 
Robert EhingerIT specialistAuthor Commented:
This problem has not been resolved so I subscribed to logmein and am using that for remote access. I suggest this question be closed.
0
 
Robert EhingerIT specialistAuthor Commented:
None of the suggested solutions worked so I am using a 3rd party application to accomplish the same thing.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 31
  • 30
Tackle projects and never again get stuck behind a technical roadblock.
Join Now