ISR 877 to PIX 525 VPN RDP issue

darkbeatzz
Level 1

Hi,

I have a site-to-site VPN from a remote office to a HQ site. At the remote site I have an ISR 877 ADSL router (zone-based firewall) and a PIX 523 (7.2) at the HQ site.

The problem is I can ping and connect to anything in the HQ site. But I can only ping from HQ to the remote LAN (I need to be able to RDP).

I enabled logging on the policy map and I can see traffic being logged on the console from HQ to the remote LAN.

Routing is OK on the remote side as connectivity works from remote to HQ. Has anyone any ideas on this?

policy-map type inspect sdm-pol-VPNOutsideToInside-1
 class type inspect sdm-cls-VPNOutsideToInside-10
  pass log

I have included the configs, HELP!


omar.elmohri
Level 1

Hello,

I sent you a reply on the old posted question.

And I think that I have the same problem, unless I have to ping the host to permit RDP to this same host. ARP problem?

Regards,

Omar

I have not worked on a zone-based firewall before, so I don't fully understand how it should work.

The ARP table has an entry for the host I am trying to communicate with.

There is also a domain controller which is replicating without any issues, so is there something funny about allowing RDP over the tunnel on these zone-based firewalls?

RDP is an application protocol.

It is normal that if you can ping, every application is allowed, as in this way we ensure full IP access.

Anyone have any suggestion?

Guys, I don't suppose anyone has any suggestions on this? I'm stuck.

I figured out what the problem was.

inspect tcp

I have turned that off and it's working now. I'm wondering now, though, what am I losing by turning this off?
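As an added illustration of what the two class actions do in an IOS zone-based firewall (this is not from the thread's configs or from the poster's router): the `inspect` action is stateful and creates a session so the replies are allowed back automatically, while `pass` is stateless and one-directional. The class and policy names are the ones quoted above; the zone names, the ACL name and the subnet are assumptions.

```cisco
! Constructed example. Zone names, ACL name and subnet are assumptions.
ip access-list extended VPN-HQ-TO-REMOTE
 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-10
 match access-group name VPN-HQ-TO-REMOTE
 match protocol tcp
!
! Variant A: stateful. The router tracks each TCP session, checks TCP
! state on it, and lets the return packets through on its own, so only
! the out-zone -> in-zone zone-pair needs a policy.
policy-map type inspect sdm-pol-VPNOutsideToInside-1
 class type inspect sdm-cls-VPNOutsideToInside-10
  inspect
 class class-default
  drop log
!
! Variant B: stateless (the 'pass log' the poster ended up with). Matching
! packets are forwarded without a session, so there is no TCP state
! checking on those flows and the replies are not allowed automatically:
! a second pass rule on the reverse zone-pair is what carries them back.
policy-map type inspect sdm-pol-VPNOutsideToInside-1
 class type inspect sdm-cls-VPNOutsideToInside-10
  pass log
 class class-default
  drop log
!
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-VPNOutsideToInside-1
```

With variant B the router still enforces the ACL, but the per-session tracking and TCP state checks that `inspect` gives you apply only to the classes that keep the `inspect` action.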

Good.
