RDP access for remote VPN client on ASA 5510

saichamana
Level 1

Hi.

We have configured a site-to-site VPN tunnel from offshore to the client location using an ASA5510 and are accessing RDP from the client location. We have also configured remote VPN access at the offshore location. But using the remote VPN client we are able to get RDP from the offshore location but not able to access RDP from the client location. Are there any additional changes required?

Thanks,

Accepted Solutions

Herbert Baerten
Cisco Employee

Hi Salsrinivas,

So to summarize:

- the VPN client connects to the offshore ASA
- the VPN client can successfully RDP to a server at the offshore location
- the VPN client can NOT RDP to a server at the client location
- offshore and client location are connected with an L2L tunnel (and RDP between the 2 sites is working fine)

Is that correct?

Things to check:

- Is the VPN pool in the crypto ACL?

- Are you doing NAT exemption for traffic between the VPN pool and the "client" LAN? Is the exemption on the outside (VPN clients are coming from the outside)?

- Do you have "same-security-traffic permit intra-interface" enabled (traffic will come in on the outside, and leave again on the outside)?

If you need more help, could you post a (sanitized) config please?

hth
Herbert
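
The three checks from the reply above, run against a sanitized config, as an added example that is not part of the original thread. The config lines, ACL and crypto map names, and addresses are constructed; pre-8.3 NAT syntax is assumed, and only plain `permit ip <network> <mask>` ACL entries are parsed.

```python
import ipaddress
import re

# Constructed, sanitized ASA config (pre-8.3 NAT syntax assumed); all names and
# addresses are placeholders: offshore LAN 10.1.0.0/16, client LAN 10.2.0.0/16,
# remote-access VPN pool 192.168.50.0/24.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
access-list L2L_CLIENT extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list L2L_CLIENT extended permit ip 192.168.50.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list NONAT_OUT extended permit ip 192.168.50.0 255.255.255.0 10.2.0.0 255.255.0.0
nat (outside) 0 access-list NONAT_OUT
crypto map OUTSIDE_MAP 10 match address L2L_CLIENT
"""

ACE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)

def acl_permits(config, acl, src, dst):
    """True if a 'permit ip <net> <mask> <net> <mask>' entry in acl covers src -> dst."""
    src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    for name, s_net, s_mask, d_net, d_mask in ACE.findall(config):
        if name != acl:
            continue
        try:
            s = ipaddress.ip_network(f"{s_net}/{s_mask}")
            d = ipaddress.ip_network(f"{d_net}/{d_mask}")
        except ValueError:
            continue  # 'any', 'host' and object-group entries are not handled here
        if src.subnet_of(s) and dst.subnet_of(d):
            return True
    return False

def check_hairpin(config, pool, remote_lan):
    """Evaluate the three items from the reply; returns {check_name: bool}."""
    crypto_acls = re.findall(r"^crypto map \S+ \d+ match address (\S+)", config, re.M)
    nat0_acls = re.findall(r"^nat \(outside\) 0 access-list (\S+)", config, re.M)
    intra = re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M)
    return {
        "pool_in_crypto_acl": any(acl_permits(config, a, pool, remote_lan) for a in crypto_acls),
        "nat_exempt_on_outside": any(acl_permits(config, a, pool, remote_lan) for a in nat0_acls),
        "intra_interface": bool(intra),
    }

if __name__ == "__main__":
    for name, ok in check_hairpin(SAMPLE_CONFIG, "192.168.50.0/24", "10.2.0.0/16").items():
        print(f"{name}: {'ok' if ok else 'MISSING'}")
```

The peer at the client location needs the mirror-image crypto ACL entry (client LAN to VPN pool) for the tunnel to carry the pool's traffic; this script only inspects one side.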

Hello Herbert,

Yes, you are right.

My problem was solved. "same-security-traffic permit intra-interface" is enabled and now I am able to access client RDP from the VPN client. Thank you very much for your suggestion.

SaiChamana

Hello Herbert,

We have an L2L tunnel between the offshore and onsite locations, and also an L2L tunnel between the offshore and client locations. By enabling "same-security-traffic permit intra-interface" my remote VPN problem was solved. We have an Allworx VoIP server at the onsite location. Before enabling "same-security-traffic permit intra-interface" I was able to make calls from the offshore to the onsite location. Now I am able to make calls but there is no voice. Any suggestions? Please find the config details

schamana

If this was working before, I don't think enabling same-security broke it. There must have been some other trigger. I suggest you create a new thread in the Firewalling forum with more details, i.e. IP addresses of phones, voice protocol used, relevant syslogs (if any), captures.

hth

Herbert