08-07-2009 09:50 PM - edited 02-21-2020 04:18 PM
Hello,
Got 2 ASA 5505s connected to each other via L2L IPsec VPN. I can RDP to a server from my remote location to the HQ site but can't RDP from HQ to the remote site. The VPN is up and running OK. I can ping any server from both sites. I have attached running configs from both ASA 5505s. Public IP addresses and relevant names in the configuration were omitted. Any feedback is highly appreciated.
Thanks,
udimpas
08-13-2009 10:25 AM
Windows Firewall would have got RDP out of its exception list. As soon as we checked the box you would be able to connect.
08-14-2009 01:46 AM
You shouldn't need to add the explicit line for RDP as it will be covered by the IP line you have:
access-list outside_1_cryptomap_1 extended permit ip inside 255.255.255.0 172.16.1.0 255.255.255.0
It's difficult to read this; you have cut the access-group statement from the remote site config.
Try adding
access-list inside_access_in extended permit tcp any any eq 3389
to the HQ firewall.
I believe there is a sysopt command that allows you to bypass these lists for site-to-site VPN, but I never quite got it to work myself.
Do you get any syslog error messages? These can be helpful.