ZyWall Remote Desktop

I'm fighting a Zywall USG 100 firewall that will not connect Remote Desktop from a remote computer to a computer on the domain behind the firewall. I can't ping the firewall from outside of the LAN, but I can ping out OK. I can open an IPSec VPN tunnel with ZyXel IPSec VPN Remote Client but nothing happens. I have tried using networks with different network schemas. I created an object/address, NAT & firewall rule. I created an RDP service for port 3389, but then found that the USG 100 has a remotelogin on port 513. I don't know if that has a different purpose. I haven't been able to get a complete set of instructions, so I can't be positive that all the settings are correct. The user manual is not completely clear about configuration for a static domain network with a dynamic remote client. I've been losing time on this for 2 weeks & it has to be finished. Any help is appreciated.
Albatross1953 Asked:

lruiz52 Commented:
Try the steps below:

1. Create Object -> Service: RDP=3389/TCP
2. Create Object -> Address: My_HOST=100.100.100.100 (replace with your LAN Host IP)
3. Create NAT -> Virtual Server: Incoming:wan1, OrigIP:any, MappedIP:My_HOST, Mapping Type: Service: Original:RDP, Mapped:RDP
4. Create Firewall Rule: From:WAN, To:LAN1, Source:any, Destination:My_HOST, Service:RDP, Access:Allow
0

Albatross1953 (Author) Commented:
I followed those steps. Still no ping or connection.
0
Albatross1953 (Author) Commented:
I added the LAN IP address of the computer on the office network to the Remote Sharing tab on the VPN Client. I can connect through that & navigate to a login screen, but when I enter her domain login username & password I get the error:

The security database on the server does not have a computer account for this workstation trust relationship.
0

Perarduaadastra Commented:
The inability to ping the Zywall from outside is probably because the feature is turned off by default. It will probably be a check box labelled Respond to Pings or Ignore ICMP Requests, or similar.

The remote login may be to manage the unit from the internet, rather than from the LAN.

If I understand your question correctly, you're trying to establish an RDP connection over a VPN link. Have you tried connecting with RDP directly, that is, without using a VPN? Also, have you verified that the LAN target host is actually listening on 3389? It's not uncommon for the default port to be changed, and more common for such a change to be undocumented... You can check it in the target computer's registry by browsing to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

In the right pane scroll down to PortNumber - the decimal value (in brackets) is the port number on which the machine is listening for RDP connections. If you change it, you will need to reboot the computer for the change to take effect.
0
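The registry check described in the comment above, together with a reachability test from the remote side, as an added PowerShell example that is not part of the original thread. The function names `Get-RdpListenerState` and `Test-TcpPort` are hypothetical, `fDenyTSConnections` is a standard Windows value the thread does not mention, and `100.100.100.100` is the placeholder LAN address used in the steps earlier on the page.

```powershell
# Added example, not from the thread. Function names are hypothetical.

# Run on the target PC: which port is RDP configured for, is Remote
# Desktop enabled, and is anything actually listening on that port?
function Get-RdpListenerState {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $key = Join-Path $ts 'WinStations\RDP-Tcp'
    $port   = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    # fDenyTSConnections = 1 means Remote Desktop is switched off.
    $denied = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections

    # .NET listener enumeration also works on PowerShell 2.0 / Windows 7.
    $ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listening = @($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port })

    New-Object PSObject -Property @{
        ConfiguredPort = $port
        RdpEnabled     = ($denied -eq 0)
        Listening      = ($listening.Count -gt 0)
        BoundTo        = ($listening | ForEach-Object { $_.Address.ToString() }) -join ', '
    }
}

# Run on the remote client: does a TCP connection to host:port complete?
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# On the target PC:
Get-RdpListenerState

# On the remote client with the VPN tunnel up. 100.100.100.100 is the
# placeholder LAN address from the steps above; use the port reported
# by Get-RdpListenerState if it is not 3389.
Test-TcpPort -HostName '100.100.100.100' -Port 3389
```

If `Listening` is True on the PC but `Test-TcpPort` returns False from the client, the RDP service is up and the block is in front of it (host firewall, ZyWALL rule or routing).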
Perarduaadastra Commented:
Ah, that's new information...

How was the machine added to the domain? What version of Windows Server is being used? It sounds as though there is a corrupt, damaged, or missing computer domain account, as opposed to a user account.
0
Albatross1953 (Author) Commented:
I enabled echo. It still doesn't connect through the Remote Desktop app, but when I click on it in the VPN Client, it goes through Remote Desktop automatically. But I use the public IP when I try to go directly through Remote Desktop. The VPN Client uses the LAN IP of the PC. I don't care if it only works that way. She is the only person that will have remote access.

The office computer functions normally on the domain. It was added through Users folder on the server which is running MS Server 2008 R2. It had a problem logging on previously with a similar error message & I had to manually add it to the security agreement (?) folder.
0
Perarduaadastra Commented:
It might be better to delete the troublesome computer domain account and create a new one, to get rid of the error.

The fact that you can get to the log-on screen indicates that your RDP and VPN settings are working, although it isn't clear to me why you can't connect directly with RDP, unless there is an error in the firewall configuration that has so far been overlooked.
0