Jen Brooks
RV042 site to site vpn can ping but not access server via rdp
Running a Cisco RV042 and have a site-to-site VPN that had been operating successfully. We use this connection to RDP into a terminal server. We added an access rule to deny all traffic through port 3389 from WAN1 (due to a port forwarding issue). Now we cannot access the terminal server from the remote sites. We can, however, ping all devices from both sides and successfully print to the printers that are at remote sites. This would indicate that the VPN is successfully up. So this would tend to indicate that this rule is affecting these VPN connections as well? Is this the case?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
PS - Just reviewed the firewall and you should be able to do so in the Advanced Firewall configuration, under Inbound Rules | Remote Desktop (TCP) | Scope | Remote IP addresses | Add | 192.168.123.0/24 (24 assumes a remote site 255.255.255.0 subnet mask).
Note: I specified "Remote IP addresses". Technically it is considered a local address, but if Remote doesn't work, use Local. Don't forget to add the local subnet as well, as you will have unchecked "Any IP Address" (Local).
Also: I do not recommend making NIC or firewall changes remotely. In the event of a misconfiguration or problem you could get locked out of RDP access. You want to have access to the console to fix.
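The scope restriction described in the post above, as an added PowerShell script that is not part of the original thread. It assumes Windows 8 / Server 2012 or later (NetSecurity module), an elevated prompt and an English-language install; `$AllowedSubnets` is a hypothetical parameter name and `192.168.1.0/24` is a constructed placeholder for the terminal server's own LAN.

```powershell
# Added example, not from the thread. Save as a .ps1 file and run elevated.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Remote-site subnet from the thread, plus a constructed placeholder for the
    # terminal server's local subnet. Replace the second value with the real one.
    [string[]]$AllowedSubnets = @('192.168.123.0/24', '192.168.1.0/24')
)

# Heuristic guard: SESSIONNAME starts with "RDP-" inside a Remote Desktop session.
# Narrowing the rule from inside that session can lock you out, so only allow
# a -WhatIf preview there and require the console for the real change.
if ($env:SESSIONNAME -like 'RDP-*' -and -not $WhatIfPreference) {
    throw 'Inside an RDP session. Apply from the console, or rerun with -WhatIf to preview.'
}

# Inbound rules of the built-in "Remote Desktop" group (group name is locale-dependent).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' }
if (-not $rules) { throw 'No inbound rules found in the "Remote Desktop" group.' }

foreach ($rule in $rules) {
    $action = "Limit RemoteAddress to $($AllowedSubnets -join ', ')"
    if ($PSCmdlet.ShouldProcess($rule.DisplayName, $action)) {
        # Replaces "Any IP address" with the listed subnets only.
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedSubnets
    }
}

# Read the scope back from the firewall store to confirm what is now allowed.
$rules | ForEach-Object {
    $filter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = $filter.RemoteAddress -join ', '
        LocalAddress  = $filter.LocalAddress -join ', '
    }
} | Format-Table -AutoSize
```

Running it with `-WhatIf` lists the rules that would be changed without modifying them.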
ASKER
Thank you very much for all of the help. The last few recommendations were a little over my comfort level but I was able to make it work by nailing down IP addresses by tying them to MAC addresses and then only opening up the terminal server to those IP addresses. This was a workable solution because I only have one workstation logging in from the remote site. Thank you for all your help!