10-28-2011 06:35 AM - edited 03-11-2019 02:43 PM
I have VPN up and running between two sites. Both sites have Cisco ASA 5505. I can ping across the devices from both networks. But I cannot remote into the servers on the other network.
10-28-2011 06:46 AM
Ensure that you have allowed RDP access on those servers, and there are no firewall rules that might be blocking the RDP connection.
Also can you telnet on the RDP port (TCP/3389) to see if the connectivity is there?
11-03-2011 01:29 PM
Jennifer,
I cannot telnet on the RDP Port to the remote server.
Thanks,
Pratik
11-03-2011 01:04 PM
If you haven't pinpointed this issue yet, try using the 'packet-tracer' command as follows. This should tell you exactly where your failure is.
!-below is assuming your interface is named 'inside' replace that with the closest firewall interface to the source of the RDP.
!-1.1.1.1 = src IP and 2.2.2.2=dst IP
packet-tracer input inside tcp 1.1.1.1 1024 2.2.2.2 3389 detail
11-04-2011 05:54 AM
So now the VPN is up and running. I can ping either side. I can even access files and folders of the remote servers. But I still cannot RDP into the servers on the remote network. I don't know what's blocking the RDP connection. Any suggestions???
Thanks,
Pratik
11-04-2011 06:15 AM
Hi,
Sniff the server interface to see if it receives the RDP packets and replies to them.
Alain.
11-04-2011 06:22 AM
Cadet,
Sorry if I am being dumb, but can you tell me how I do that?
Thanks,
Pratik
11-04-2011 06:26 AM
Hi,
If Linux, just use tcpdump and save as a pcap file, then post it here.
If Windows, then install Wireshark and sniff your interface and save as pcap and post here.
Alain.
11-04-2011 07:42 AM
Have you tried the 'packet-tracer' command? If you can access (via file browsing or whatever) the same destination network from your side of the tunnel with no issues, then we can rule out routing. The 'packet-tracer' will identify where and if there is an issue with your 'proxy-domain' (i.e. the crypto ACL), and any other issues that may be evident. This should be your first step. If all is well, then you can do a tcpdump on the server side. Being that you're using RDP, I would suspect your destination server is Microsoft. After <<< running the packet-tracer >>> (if all is well), then as stated above, download Wireshark, and sniff the interface on the server to see if the packets are making it there. Also you may want to run the 'netstat -a' to see if the service is even listening. But I will say again, use the 'packet-tracer', as this would be best practice in troubleshooting to start local, then to the remote side if needed.
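The telnet test on TCP/3389 suggested earlier in the thread, as an added Python example that is not from any participant's post: it attempts one TCP handshake and tells a refused connection apart from a silently dropped one, since the two point at different next steps. The function names and the wording of the hints are assumptions made for this illustration.

```python
import errno
import socket
import sys

RDP_PORT = 3389  # TCP port named in the thread

# Hints follow general TCP behaviour and the steps suggested in the thread.
NEXT_STEP = {
    "open": "Handshake completed: the path and listener are fine; "
            "check that RDP access is allowed on the server itself.",
    "refused": "A reset came back: run 'netstat -a' on the server to see if "
               "anything listens on the port, then check its host firewall.",
    "filtered": "No reply at all: run packet-tracer on the ASA and capture on "
                "the server interface to see whether the SYN arrives.",
    "unreachable": "No route to the host: re-check routing and the tunnel.",
}


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Attempt one TCP connect and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # RST received from the host or a rejecting device
    except socket.timeout:
        return "filtered"     # SYN dropped somewhere on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def diagnose(host, port=RDP_PORT, timeout=3.0):
    """Return (state, hint) for one probe."""
    state = probe_tcp(host, port, timeout)
    return state, NEXT_STEP[state]


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <server-ip>
    print("%s: %s" % diagnose(sys.argv[1]))
```

Run it from a client on the source network, so the probe crosses the same tunnel as the failing RDP session.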