Can't establish RDP connection over IPSec L2L VPN

Unanswered Question
Aug 7th, 2009


Got 2 ASA 5505 connected to each other via L2L IPsec VPN. I can RDP a server from my remote location to HQ site but can't RDP from HQ to remote site. VPN is up and running ok. I can ping any server from both sites. I have attached running configs from both ASA5505. Public IP Address and relevant names on the configuration were omitted. Any feedback is highly appreciated.



sadbulali Thu, 08/13/2009 - 10:25

Windows Firewall would have got RDP out of its exception list. As soon as we checked the box you would be able to connect.

net.administrat... Fri, 08/14/2009 - 01:46

You shouldn't need to add the explicit line for RDP as it will be covered by the IP line you have:

access-list outside_1_cryptomap_1 extended permit ip inside

It's difficult to read this; you have cut the access-group statement from the remote site config.

Try adding

access-list inside_access_in extended permit tcp any any eq 3389

to the HQ firewall.

I believe there is a sysopt command that allows you to bypass these lists for site-site vpn but never quite got it to work myself.

Do you get any syslog error messages? These can be helpful.
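
The last reply asks for syslog output. As an added example (not part of the thread and not from either poster), this Python script scans ASA syslog text for message 106023 (packet denied by an interface access-group) and reports denied flows to tcp/3389, which separates an ACL drop on the firewall from a drop on the RDP host itself. The log lines, addresses and the `denied_flows`/`summarize` names are constructed for illustration, and it assumes logging is enabled at a level that records 106023.

```python
import re

# Constructed sample lines in the format of ASA syslog message 106023
# (packet denied by an interface access-group). Addresses, interface and
# ACL names are placeholders, not values from the thread.
SAMPLE_LOG = """\
Aug 14 2009 09:12:01: %ASA-4-106023: Deny tcp src inside:192.0.2.10/49152 dst outside:198.51.100.20/3389 by access-group "inside_access_in" [0x0, 0x0]
Aug 14 2009 09:12:03: %ASA-4-106023: Deny tcp src inside:192.0.2.10/49153 dst outside:198.51.100.20/3389 by access-group "inside_access_in" [0x0, 0x0]
Aug 14 2009 09:12:07: %ASA-4-106023: Deny udp src inside:192.0.2.11/5353 dst outside:198.51.100.21/53 by access-group "inside_access_in" [0x0, 0x0]
Aug 14 2009 09:12:09: %ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.20/80 (198.51.100.20/80) to inside:192.0.2.10/49154 (192.0.2.10/49154)
"""

# Matches TCP/UDP denies; ICMP denies carry no ports and are skipped.
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)

def denied_flows(log_text, proto="tcp", dst_port=3389):
    """Return {(src_if, src_ip, dst_ip, acl): count} for denied flows to dst_port."""
    hits = {}
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m["proto"].lower() != proto or int(m["dst_port"]) != dst_port:
            continue
        key = (m["src_if"], m["src_ip"], m["dst_ip"], m["acl"])
        hits[key] = hits.get(key, 0) + 1
    return hits

def summarize(log_text):
    """One line per denied RDP flow, or a pointer to the host firewall if none."""
    hits = denied_flows(log_text)
    if not hits:
        return ["no ACL denies for tcp/3389: check the host firewall on the RDP target"]
    return [f"{n}x {src_if}:{src} -> {dst}:3389 denied by ACL {acl}"
            for (src_if, src, dst, acl), n in sorted(hits.items())]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

An empty result while RDP still fails points away from the interface ACLs and toward the target host, which matches the Windows Firewall explanation in the first reply.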

