04-10-2009 12:39 AM - edited 03-11-2019 08:16 AM
Hi,
I have a site-to-site VPN from a remote office to a HQ site. At the remote site I have an ISR 877 ADSL router (zone based firewall) and a PIX 523 (7.2) at the HQ site.
The problem is I can ping and connect to anything in the HQ site. But I can only ping from HQ to the remote LAN (I need to be able to RDP).
I enabled logging on the policy map and I can see traffic being logged on the console from HQ to the remote LAN.
Routing is OK on the remote side as connectivity works from remote to HQ. Has anyone any ideas on this?
policy-map type inspect sdm-pol-VPNOutsideToInside-1
 class type inspect sdm-cls-VPNOutsideToInside-10
  pass log
I have included the configs, HELP!
04-10-2009 04:45 AM
Hello,
I sent you a reply on the old posted question.
And I think that I have the same problem, unless I have to ping the host to permit the RDP to this same host. ARP problem?
Regards,
Omar
04-10-2009 04:57 AM
I have not worked on a zone based firewall before so I don't fully understand how it should work.
The ARP table has an entry for the host I am trying to communicate with.
There is also a domain controller which is replicating without any issues, so is there something funny about allowing RDP over the tunnel on these zone based firewalls?
04-10-2009 11:31 PM
RDP is an application protocol.
It is normal that if you can ping, every application should be allowed, as we ensure full IP access this way.
Anyone have any suggestion?
04-14-2009 01:31 AM
Guys, don't suppose anyone has any suggestions on this? I'm stuck.
04-17-2009 05:49 AM
I figured out what the problem was.
inspect tcp
I have turned that off and it's working now. I'm wondering now, though, what am I losing by turning this off?
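As an added illustration of the trade-off the last post asks about (this is not the poster's configuration): a zone based firewall policy for the VPN outside-to-inside zone pair that statefully inspects RDP, beside the stateless `pass` alternative. Zone names, ACL and class names, and the 10.x address ranges are placeholders.

```cisco
! Added illustration, not the poster's running config. Zone names,
! addresses and ACL/class names are placeholders.
!
! RDP (TCP/3389) from the HQ LAN to the remote LAN over the tunnel.
ip access-list extended ACL-HQ-TO-REMOTE-RDP
 permit tcp 10.1.0.0 0.0.255.255 10.2.0.0 0.0.0.255 eq 3389
!
class-map type inspect match-all cm-hq-to-remote-rdp
 match access-group name ACL-HQ-TO-REMOTE-RDP
!
! Option A: stateful. "inspect" creates a session entry on the first
! packet and admits the matching return packets on the reverse zone
! pair, so no inside->outside rule is needed for the replies. It also
! enforces TCP state checks and session idle timeouts.
policy-map type inspect pm-vpn-outside-to-inside
 class type inspect cm-hq-to-remote-rdp
  inspect
 class class-default
  drop log
!
! Option B: stateless. "pass" only forwards matching packets; nothing
! is recorded, so the replies (remote LAN -> HQ, source port 3389) must
! be explicitly passed on the reverse zone pair as well, and the TCP
! state checks that "inspect" performs are lost.
ip access-list extended ACL-REMOTE-TO-HQ-RDP-REPLY
 permit tcp 10.2.0.0 0.0.0.255 eq 3389 10.1.0.0 0.0.255.255
!
class-map type inspect match-all cm-remote-to-hq-rdp-reply
 match access-group name ACL-REMOTE-TO-HQ-RDP-REPLY
!
policy-map type inspect pm-vpn-outside-to-inside-stateless
 class type inspect cm-hq-to-remote-rdp
  pass log
 class class-default
  drop log
!
policy-map type inspect pm-vpn-inside-to-outside-stateless
 class type inspect cm-remote-to-hq-rdp-reply
  pass log
 class class-default
  drop log
!
! Apply the stateful policy (Option A) to the VPN zone pair.
zone-pair security zp-vpn-out-in source out-zone destination in-zone
 service-policy type inspect pm-vpn-outside-to-inside
```

With Option A, `show policy-map type inspect zone-pair sessions` lists the RDP session once the HQ host connects; with Option B there is no session table to check, which is what is given up by replacing `inspect` with `pass`.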
04-19-2009 01:07 AM
Good.