01-18-2011 09:33 AM - edited 02-21-2020 05:06 PM
Hi.
We have configured a site-to-site VPN tunnel from offshore to the client location using an ASA5510 and are accessing RDP from the client location. We have also configured remote VPN access at the offshore location. But using the remote VPN client we are able to get RDP from the offshore location but not able to access RDP from the client location. Are there any additional changes required?
Thanks,
01-24-2011 12:01 AM
Hi Salsrinivas,
So to summarize:
- the VPN client connects to the offshore ASA
- the VPN client can successfully RDP to a server at the offshore location
- the VPN client can NOT RDP to a server at the client location
- offshore and client location are connected with a L2L tunnel (and RDP between the 2 sites is working fine)

Is that correct?
Things to check:
- is the vpn pool in the crypto ACL ?
- are you doing nat exemption for traffic between vpn pool and "client" LAN? is the exemption on the outside (vpn clients are coming from the outside)?
- do you have "same-security-traffic permit intra-interface" enabled (traffic will come in on the outside, and leave again on the outside)?
If you need more help could you post a (sanitized) config please?
hth
Herbert
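One way to run the three checks from the reply above against a sanitized config, as an added example that is not part of the original thread. It assumes pre-8.3 ASA NAT syntax (`nat (outside) 0 access-list ...`) and literal network/mask ACL entries only (no object-groups or `any`); the function names, ACL names, crypto map name and addresses are constructed placeholders.

```python
import re

# Constructed sample in pre-8.3 ASA syntax; every name and address is a placeholder.
# 10.1.50.0/24 stands in for the VPN pool, 192.168.20.0/24 for the "client" LAN.
SAMPLE = """\
access-list L2L_CLIENT extended permit ip 10.1.0.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list L2L_CLIENT extended permit ip 10.1.50.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list OUTSIDE_NONAT extended permit ip 10.1.50.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (outside) 0 access-list OUTSIDE_NONAT
crypto map OUTSIDE_MAP 10 match address L2L_CLIENT
same-security-traffic permit intra-interface
"""

ACE = re.compile(r"^access-list (\S+) extended permit ip "
                 r"(\S+) (\S+) (\S+) (\S+)\s*$")

def acls_covering(config, src, dst):
    """Names of ACLs with a 'permit ip <src> <dst>' entry (exact net/mask match)."""
    names = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and (m.group(2), m.group(3)) == src and (m.group(4), m.group(5)) == dst:
            names.add(m.group(1))
    return names

def audit_hairpin(config, pool, remote_lan, vpn_if="outside"):
    """Hypothetical helper: the three checks for VPN-client traffic that must
    leave again through the L2L tunnel on the same interface."""
    lines = [l.strip() for l in config.splitlines()]
    covering = acls_covering(config, pool, remote_lan)
    # ACLs referenced by a crypto map entry (the "crypto ACL")
    crypto_acls = {l.split()[-1] for l in lines
                   if re.match(r"^crypto map \S+ \d+ match address \S+$", l)}
    # ACLs used for NAT exemption on the interface the VPN clients arrive on
    nat0_acls = {l.split()[4] for l in lines
                 if l.startswith(f"nat ({vpn_if}) 0 access-list ")}
    return {
        "pool_in_crypto_acl": bool(covering & crypto_acls),
        "nat_exempt_on_vpn_if": bool(covering & nat0_acls),
        "intra_interface": "same-security-traffic permit intra-interface" in lines,
    }

if __name__ == "__main__":
    pool = ("10.1.50.0", "255.255.255.0")
    lan = ("192.168.20.0", "255.255.255.0")
    for check, ok in audit_hairpin(SAMPLE, pool, lan).items():
        print(f"{check}: {'ok' if ok else 'MISSING'}")
```

The peer ASA at the other end of the L2L tunnel needs the mirrored crypto ACL entry for the pool as well; this sketch only looks at one side.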
01-24-2011 05:53 AM
Hello Herbert,
Yes, you are right.
My problem was solved. "same-security-traffic permit intra-interface" is enabled and now I am able to access client RDP from the VPN client. Thank you very much for your suggestion.
SaiChamana
02-04-2011 06:46 AM
Hello Herbert,
We have an L2L tunnel between the offshore and onsite locations, and also an L2L tunnel between the offshore and the client locations. By enabling "same-security-traffic permit intra-interface" my remote VPN problem was solved. We have an Allworx VoIP server at the onsite location. Before enabling "same-security-traffic permit intra-interface" I was able to make calls from the offshore to the onsite location. Now I am able to make calls but there is no voice. Any suggestions? Please find the config details
schamana
02-07-2011 03:40 AM
If this was working before, I don't think enabling same-security broke it. There must have been some other trigger. I suggest you create a new thread in the Firewalling forum with more details, i.e. IP addresses of phones, voice protocol used, relevant syslogs (if any), captures.
hth
Herbert