Solved

ZyWall Remote Desktop

Posted on 2014-11-22
Last Modified: 2014-11-24
I'm fighting a Zywall USG 100 firewall that will not connect Remote Desktop from a remote computer to a computer on the domain behind the firewall. I can't ping the firewall from outside of the LAN, but I can ping out OK. I can open an IPSec VPN tunnel with ZyXel IPSec VPN Remote Client but nothing happens. I have tried using networks with different network schemas. I created an object/address, NAT & firewall rule. I created an RDP service for port 3389, but then found that the USG 100 has a remotelogin on port 513. I don't know if that has a different purpose. I haven't been able to get a complete set of instructions, so I can't be positive that all the settings are correct. The user manual is not completely clear about configuration for a static domain network with a dynamic remote client. I've been losing time on this for 2 weeks & it has to be finished. Any help is appreciated.
Question by:Albatross1953

Accepted Solution

by:
lruiz52 earned 250 total points
ID: 40460298
Try the steps below:

1. Create Object -> Service: RDP=3389/TCP
2. Create Object -> Address: My_HOST=100.100.100.100 (replace with your LAN Host IP)
3. Create NAT -> Virtual Server: Incoming:wan1, OrigIP:any, MappedIP:My_HOST, Mapping Type: Service: Original:RDP, Mapped:RDP
4. Create Firewall Rule: From:WAN, To:LAN1, Source:any, Destination:My_HOST, Service:RDP, Access:Allow

Author Comment

by:Albatross1953
ID: 40460551
I followed those steps. Still no ping or connection.

Author Comment

by:Albatross1953
ID: 40460569
I added the LAN IP address of the computer on the office network to the Remote Sharing tab on the VPN Client. I can connect through that & navigate to a login screen, but when I enter her domain login username & password I get the error:

The security database on the server does not have a computer account for this workstation trust relationship.

Expert Comment

by:Perarduaadastra
ID: 40460579
The inability to ping the Zywall from outside is probably because the feature is turned off by default. It will probably be a check box labelled Respond to Pings or Ignore ICMP Requests, or similar.

The remote login may be to manage the unit from the internet, rather than from the LAN.

If I understand your question correctly, you're trying to establish an RDP connection over a VPN link. Have you tried connecting with RDP directly, that is, without using a VPN? Also, have you verified that the LAN target host is actually listening on 3389? It's not uncommon for the default port to be changed, and more common for such a change to be undocumented... You can check it in the target computer's registry by browsing to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

In the right pane scroll down to PortNumber - the decimal value (in brackets) is the port number on which the machine is listening for RDP connections. If you change it, you will need to reboot the computer for the change to take effect.
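One way to run the check described in the comment above, followed by a port test from the remote side that compares the two paths discussed in this thread (direct through the NAT rule, and through the VPN tunnel). This is an added example, not part of any poster's reply; the addresses are placeholders and `Test-TcpPort` is a hypothetical helper name.

```powershell
# Part 1: run on the LAN target host (elevated session).
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# PortNumber is the registry value described above; 3389 is the default.
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
# fDenyTSConnections = 1 means Remote Desktop is disabled on this host.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

# netstat keeps the check usable on older Windows versions
# (assumes English output, where the state column reads LISTENING).
$pattern  = '^\s*TCP\s+\S+:{0}\s+\S+\s+LISTENING' -f $port
$listener = @(netstat -ano -p tcp | Select-String -Pattern $pattern)

New-Object PSObject -Property @{
    ConfiguredPort  = $port
    RemoteDesktopOn = ($deny -eq 0)
    Listening       = ($listener.Count -gt 0)
}

# Part 2: run on the remote client to compare the two paths in this thread.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Placeholder addresses: substitute the firewall's WAN IP and the PC's LAN IP,
# and use the ConfiguredPort from part 1 if it is not 3389.
$wanIp = '203.0.113.10'      # hypothetical public address (documentation range)
$lanIp = '100.100.100.100'   # My_HOST placeholder from the accepted solution

"Direct via NAT rule : " + (Test-TcpPort -Address $wanIp -Port 3389)
"Through VPN tunnel  : " + (Test-TcpPort -Address $lanIp -Port 3389)
```

If part 1 reports the host listening and only the VPN path succeeds in part 2, the remaining fault is on the firewall's WAN-side NAT or rule path rather than on the target computer.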

Expert Comment

by:Perarduaadastra
ID: 40460581
Ah, that's new information...

How was the machine added to the domain? What version of Windows Server is being used? It sounds as though there is a corrupt, damaged, or missing computer domain account, as opposed to a user account.

Author Comment

by:Albatross1953
ID: 40460588
I enabled echo. It still doesn't connect through the Remote Desktop app, but when I click on it in the VPN Client, it goes through Remote Desktop automatically. But I use the public IP when I try to go directly through Remote Desktop. The VPN Client uses the LAN IP of the PC. I don't care if it only works that way. She is the only person that will have remote access.

The office computer functions normally on the domain. It was added through Users folder on the server which is running MS Server 2008 R2. It had a problem logging on previously with a similar error message & I had to manually add it to the security agreement (?) folder.

Assisted Solution

by:Perarduaadastra
Perarduaadastra earned 250 total points
ID: 40460648
It might be better to delete the troublesome computer domain account and create a new one, to get rid of the error.

The fact that you can get to the log-on screen indicates that your RDP and VPN settings are working, although it isn't clear to me why you can't connect directly with RDP, unless there is an error in the firewall configuration that has so far been overlooked.