Can't establish RDP connection over IPSec L2L VPN

Unanswered Question
Aug 7th, 2009

Hello,

Got 2 ASA 5505 connected to each other via L2L IPsec VPN. I can RDP to a server from my remote location to the HQ site but can't RDP from HQ to the remote site. VPN is up and running OK. I can ping any server from both sites. I have attached running configs from both ASA 5505s. Public IP address and relevant names in the configuration were omitted. Any feedback is highly appreciated.

Thanks,

udimpas

sadbulali Thu, 08/13/2009 - 10:25

Windows Firewall would have got RDP out of its exception list. As soon as we checked the box you would be able to connect.

net.administrat... Fri, 08/14/2009 - 01:46

You shouldn't need to add the explicit line for RDP as it will be covered by the IP line you have:

access-list outside_1_cryptomap_1 extended permit ip inside 255.255.255.0 172.16.1.0 255.255.255.0

It's difficult to read this; you have cut the access-group statement from the remote site config.

Try adding

access-list inside_access_in extended permit tcp any any eq 3389

to the HQ firewall.

I believe there is a sysopt command that allows you to bypass these lists for site-site vpn but never quite got it to work myself.

Do you get any syslog error messages? These can be helpful.
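
The ACE matching discussed in the reply above, as an added example that is not part of any post in the thread: a small Python evaluator showing that a `permit ip` entry already covers TCP/3389, while `permit tcp any any eq 3389` matches only that port. The subnet behind the name `inside` is omitted in the thread, so 192.168.1.0 and all host addresses below are constructed; only the ACE forms quoted in the thread are parsed.

```python
import ipaddress

# Constructed value: the thread omits the subnet behind the name "inside".
NAMES = {"inside": "192.168.1.0"}

def _take_addr(tok):
    """Consume one address spec from tok: any | host A | A MASK."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        host = tok.pop(0)
        return ipaddress.ip_network(NAMES.get(host, host) + "/32")
    mask = tok.pop(0)
    return ipaddress.ip_network(f"{NAMES.get(first, first)}/{mask}")

def parse_ace(line):
    """Parse: access-list NAME extended ACTION PROTO SRC DST [eq PORT]."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("unsupported ACE: " + line)
    rest = tok[5:]
    src, dst = _take_addr(rest), _take_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"action": tok[3], "proto": tok[4], "src": src, "dst": dst, "dport": dport}

def matches(ace, proto, src, dst, dport):
    """True if the flow is matched by this ACE; protocol 'ip' matches any protocol."""
    if ace["proto"] not in ("ip", proto):
        return False
    if ipaddress.ip_address(src) not in ace["src"]:
        return False
    if ipaddress.ip_address(dst) not in ace["dst"]:
        return False
    return ace["dport"] in (None, dport)

def evaluate(aces, proto, src, dst, dport):
    """First matching ACE wins; an ACL ends with an implicit deny."""
    for ace in aces:
        if matches(ace, proto, src, dst, dport):
            return ace["action"]
    return "deny"

CRYPTO = parse_ace("access-list outside_1_cryptomap_1 extended permit ip "
                   "inside 255.255.255.0 172.16.1.0 255.255.255.0")
RDP = parse_ace("access-list inside_access_in extended permit tcp any any eq 3389")

if __name__ == "__main__":
    print(evaluate([CRYPTO], "tcp", "192.168.1.10", "172.16.1.20", 3389))  # permit
    print(evaluate([RDP], "tcp", "192.168.1.10", "172.16.1.20", 445))      # deny
```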
