Solved

ZyWall Remote Desktop

Posted on 2014-11-22
Last Modified: 2014-11-24
I'm fighting a Zywall USG 100 firewall that will not connect Remote Desktop from a remote computer to a computer on the domain behind the firewall. I can't ping the firewall from outside of the LAN, but I can ping out OK. I can open an IPSec VPN tunnel with ZyXel IPSec VPN Remote Client but nothing happens. I have tried using networks with different network schemas. I created an object/address, NAT & firewall rule. I created an RDP service for port 3389, but then found that the USG 100 has a remotelogin on port 513. I don't know if that has a different purpose. I haven't been able to get a complete set of instructions, so I can't be positive that all the settings are correct. The user manual is not completely clear about configuration for a static domain network with a dynamic remote client. I've been losing time on this for 2 weeks & it has to be finished. Any help is appreciated.
Question by:Albatross1953
7 Comments
 
LVL 17

Accepted Solution

by:
lruiz52 earned 1000 total points
ID: 40460298
Try the steps below:

1. Create Object -> Service: RDP=3389/TCP
2. Create Object -> Address: My_HOST=100.100.100.100 (replace with your LAN Host IP)
3. Create NAT -> Virtual Server: Incoming:wan1, OrigIP:any, MappedIP:My_HOST, Mapping Type: Service: Original:RDP, Mapped:RDP
4. Create Firewall Rule: From:WAN, To:LAN1, Source:any, Destination:My_HOST, Service:RDP, Access:Allow
0
 

Author Comment

by:Albatross1953
ID: 40460551
I followed those steps. Still no ping or connection.
0
 

Author Comment

by:Albatross1953
ID: 40460569
I added the LAN IP address of the computer on the office network to the Remote Sharing tab on the VPN Client. I can connect through that & navigate to a login screen, but when I enter her domain login username & password I get the error:

The security database on the server does not have a computer account for this workstation trust relationship.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 40460579
The inability to ping the Zywall from outside is probably because the feature is turned off by default. It will probably be a check box labelled Respond to Pings or Ignore ICMP Requests, or similar.

The remote login may be to manage the unit from the internet, rather than from the LAN.

If I understand your question correctly, you're trying to establish an RDP connection over a VPN link. Have you tried connecting with RDP directly, that is, without using a VPN? Also, have you verified that the LAN target host is actually listening on 3389? It's not uncommon for the default port to be changed, and more common for such a change to be undocumented... You can check it in the target computer's registry by browsing to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

In the right pane scroll down to PortNumber - the decimal value (in brackets) is the port number on which the machine is listening for RDP connections. If you change it, you will need to reboot the computer for the change to take effect.
0
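
The registry check described in the comment above, scripted as an added example (not part of the original thread or any poster's code). It reads the configured RDP port, checks whether Remote Desktop is disabled, confirms something is bound to the port, and compares the result with the 3389/TCP service object from the accepted answer. `Test-TcpPort` is a hypothetical helper name, and `100.100.100.100` is the placeholder host address from the accepted answer.

```powershell
# Run on the LAN target host. Uses only .NET classes, so it also works on older PowerShell versions.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# Port the RDP listener is configured to use (default 3389).
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# fDenyTSConnections = 1 means Remote Desktop connections are refused outright.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

# Is anything actually bound to that port right now?
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
$listening = @($listeners | Where-Object { $_.Port -eq $port }).Count -gt 0

New-Object PSObject -Property @{
    ConfiguredPort         = $port
    RdpDenied              = [bool]$deny
    Listening              = $listening
    MatchesFirewallService = ($port -eq 3389)   # RDP=3389/TCP object on the firewall
}

# Hypothetical helper: run from another LAN machine (or over the VPN) to
# confirm the port is reachable before blaming the NAT or firewall rule.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Placeholder address from the accepted answer; replace with the LAN host IP.
Test-TcpPort -ComputerName '100.100.100.100' -Port $port
```

If `MatchesFirewallService` is false, the firewall's service object and NAT mapping need to reference the configured port rather than 3389.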
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 40460581
Ah, that's new information...

How was the machine added to the domain? What version of Windows Server is being used? It sounds as though there is a corrupt, damaged, or missing computer domain account, as opposed to a user account.
0
 

Author Comment

by:Albatross1953
ID: 40460588
I enabled echo. It still doesn't connect through the Remote Desktop app, but when I click on it in the VPN Client, it goes through Remote Desktop automatically. But I use the public IP when I try to go directly through Remote Desktop. The VPN Client uses the LAN IP of the PC. I don't care if it only works that way. She is the only person that will have remote access.

The office computer functions normally on the domain. It was added through Users folder on the server which is running MS Server 2008 R2. It had a problem logging on previously with a similar error message & I had to manually add it to the security agreement (?) folder.
0
 
LVL 15

Assisted Solution

by:Perarduaadastra
Perarduaadastra earned 1000 total points
ID: 40460648
It might be better to delete the troublesome computer domain account and create a new one, to get rid of the error.

The fact that you can get to the log-on screen indicates that your RDP and VPN settings are working, although it isn't clear to me why you can't connect directly with RDP, unless there is an error in the firewall configuration that has so far been overlooked.
0

Question has a verified solution.