Solved

Draytek RDP

Posted on 2013-10-30
5
448 Views
Last Modified: 2014-04-30
Hi,

We have a Draytek 2820n i've been trying to enable RDP access to the server, i've setup the nat i'm confident that it's setup correctly well think i was anyway.

AP001192> srv nat showall
srv nat showall
Index   Proto   WAN IP:Port                 Private IP:Port             Act
*****************************************************************************
R01     TCP     -- ALL --:3389              192.168.31.3:3389           Y
R02     TCP     0.0.0.0:3389                192.168.31.3:3389           Y
R03     TCP     -- ALL --:443               192.168.31.3:443            Y
R04     TCP     -- ALL --:25                192.168.31.3:25             Y
R05     TCP     -- ALL --:80                192.168.31.3:80             Y
R06     TCP     -- ALL --:987               192.168.31.3:987            Y
R07     TCP     -- ALL --:143               192.168.31.3:143            Y
R08     TCP     -- ALL --:993               192.168.31.3:993            Y
R09     TCP     -- ALL --:11636             192.168.31.3:636            Y

This is how it looks and i've tried everything to get 3389 allowing but it's not working. I'm not too familar with Drayteks and it's all sort of guess work for this one i'm afraid can anyone point me down the right track.

I've checked the server side and this appears to allow rdp access.
0
Comment
Question by:Alex Young
  • 3
5 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39611938
Remove R02

Does the SMTP rule work?
Is the RDP server using the Draytek router as it's default gateway?
0
 
LVL 1

Author Comment

by:Alex Young
ID: 39612019
Yeah everything works even owa works
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39612042
So is the firewall on the router configured correctly?

Also, is the firewall on the RDP server allowing connections on port 3389 from address ranges which aren't on your LAN?
0
 
LVL 14

Accepted Solution

by:
plug1 earned 500 total points
ID: 39613460
The RDP connection should be set to use ALL as the wan port in the same way as the rest are, whats your reasoning in putting 0.0.0.0 in there? Also opening up 3389 on the wen is a massive safety concern, you should pick a random port and redirect that to 3389.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40031753
Hmmm, I don't understand why that worked... you already had the rule configured correctly at R01...
R01     TCP     -- ALL --:3389              192.168.31.3:3389           Y
R02     TCP     0.0.0.0:3389                192.168.31.3:3389           Y
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now