Can't establish RDP connection over IPSec L2L VPN

udimpas
Level 1

Hello,

Got 2 ASA 5505 connected to each other via L2L IPsec VPN. I can RDP a server from my remote location to HQ site but can't RDP from HQ to remote site. VPN is up and running ok. I can ping any server from both sites. I have attached running configs from both ASA 5505. Public IP Address and relevant names on the configuration were omitted. Any feedback is highly appreciated.

Thanks,

udimpas

2 Replies

sadbulali
Level 4

Windows Firewall would have got RDP out of its exception list. As soon as we checked the box you would be able to connect.

You shouldn't need to add the explicit line for RDP as it will be covered by the IP line you have:

access-list outside_1_cryptomap_1 extended permit ip inside 255.255.255.0 172.16.1.0 255.255.255.0

It's difficult to read this; you have cut the access-group statement from the remote site config.

Try adding

access-list inside_access_in extended permit tcp any any eq 3389

to the HQ firewall.

I believe there is a sysopt command that allows you to bypass these lists for site-site VPN but never quite got it to work myself.

Do you get any syslog error messages? These can be helpful.
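
The two ACL points in the reply above, as an added example that is not part of the original thread: a small first-match evaluator showing that the `permit ip` crypto ACL line already covers TCP/3389, while an interface ACL with no matching entry still drops it through the implicit deny. The address behind the name `inside`, the contents of `inside_access_in` before the change, and the sample flow are all assumptions constructed for illustration, since the attached configs are not shown on the page.

```python
import ipaddress

# All values below are constructed for illustration; the thread's configs are not shown.
NAMES = {"inside": "192.168.1.0"}  # assumed value behind the ASA name `inside`
CRYPTO = ["access-list outside_1_cryptomap_1 extended permit ip inside 255.255.255.0 172.16.1.0 255.255.255.0"]
INSIDE_BEFORE = [  # hypothetical HQ interface ACL with no entry for RDP
    "access-list inside_access_in extended permit icmp any any",
    "access-list inside_access_in extended permit tcp any any eq 443",
]
INSIDE_AFTER = INSIDE_BEFORE + ["access-list inside_access_in extended permit tcp any any eq 3389"]

def _net(tok):
    """Consume one address spec: 'any', 'host A' or 'ADDR MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_ace(line, names):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]' (numeric ports only)."""
    t = [names.get(x, x) for x in line.split()]
    action, proto, rest = t[3], t[4], t[5:]
    src, rest = _net(rest)
    dst, rest = _net(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None, names=NAMES):
    """Return (action, matching line); first match wins, otherwise the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, p, snet, dnet, port = parse_ace(line, names)
        if p not in ("ip", proto):       # 'ip' covers every IP protocol, TCP included
            continue
        if s not in snet or d not in dnet:
            continue
        if port is not None and port != dport:
            continue
        return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    flow = ("tcp", "192.168.1.10", "172.16.1.20", 3389)  # constructed HQ -> remote RDP flow
    for label, acl in (("crypto ACL", CRYPTO), ("inside ACL before", INSIDE_BEFORE),
                       ("inside ACL after", INSIDE_AFTER)):
        print(f"{label:18} -> {evaluate(acl, *flow)[0]}")
    print(f"{'ping, inside ACL':18} -> {evaluate(INSIDE_BEFORE, 'icmp', flow[1], flow[2])[0]}")
```

With these constructed lists, ping is permitted while RDP is dropped until the 3389 entry is present, which is one configuration that would be consistent with the symptoms described; the real cause depends on the configs that are not shown.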