02-22-2007 02:33 PM - edited 03-11-2019 02:37 AM
Hey all,
We are in the process of slowly setting up our new appliance. We are messing around with allowing inbound connections for remote desktop. When we add the first one it works fine, but when we add the second one it says that port is already used. How do we add more than one?
I'm not the one that is working on this, but I believe he is trying to do this through the security policy.
Thanks.
Dylan
02-22-2007 04:16 PM
Hello Dylan,
Is the RDC from outside to a PC on the inside? Have you opened UDP port 3389? Have you done a static? It seems you can do a remote desktop to the PC on the first instance and not for more than one connection, is that so? If that is the case, I don't think the firewall configs are a problem. They might have to check if they have limited the RDC connections on the end station.
Check this and let us know.
Raj
02-23-2007 07:01 AM
Sorry, I might not have been clear on what I was saying.
We are using RD from an outside machine and NATing to an inside machine. We have set it up to work with one. When we go to add another rule for another machine we get a port already in use (3389). We use RD a lot and sometimes set up outside agencies to get to certain machines. We need to be able to add more than one.
02-23-2007 07:14 AM
Do post your scenario and config. If one static statement is done, there should be no further problem.
Cheers
Hoogen
02-23-2007 07:15 AM
You need to use another IP address if you have them. Or, if you are port translating using the outside address of the firewall, you will need to set remote desktop to use different ports for other machines. I think I am understanding you correctly. Maybe explain what you mean by "add another rule".
02-23-2007 08:33 AM
Thanks for the replies everyone. I am not the one that is doing the configs on the appliance. Here is what I see in the configs (ASDM).
Under Nat the added rule looks like this:
"Original"
interface - inside
source network - 192.x.x.x port 3389/tcp (inside machine)
Destination Network - any
"Translated"
interface - outside
Address - interface IP Port 3389/tcp
There is another rule here that might have been added for this to work.
It looks like it translates any inside IP to the outside IP address (the ISP IP).
Under security policy there is also a rule.
Source/host - This is an outside IP (my home)
destination/host - My machine on the inside network
rule applied to traffic - incoming
interface - outside
Service 3389/tcp
I think that under the security policy is where he is trying to add another rule for access. Apparently this is where he is trying to add the rule.
Again, sorry for the poor explanation, but maybe some of the above will help.
The main thing we are trying to do is to be able to use remote desktop with different outside PCs to connect to various inside PCs. One outside PC will only connect to one inside PC, but we want to be able to decide the one.
Maybe there is a better way to set this up?
Thanks again.
02-23-2007 08:49 AM
So when you RDP you are using the outside address of the firewall, which in turn translates to inside machine 192.168.x.1. If you want to RDP to 192.168.x.2, you will need to forward a different port or use another IP, not the outside PIX address.
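The port-forwarding approach suggested in the replies above, sketched as an added example that is not from any poster in the thread. It assumes PIX/ASA 7.x-8.2 CLI syntax (the thread only shows ASDM), and every address and the ACL name are constructed placeholders.

```cisco
! Added example: PIX/ASA 7.x-8.2 CLI syntax is assumed (the thread only shows ASDM).
! All addresses are constructed placeholders.
!
! Existing forward: outside interface tcp/3389 -> first inside PC
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255
!
! A second forward that reuses outside tcp/3389 is what gets rejected as "port already in use":
! static (inside,outside) tcp interface 3389 192.168.1.11 3389 netmask 255.255.255.255
!
! Instead, give the second PC its own outside port; the inside PC still listens on 3389
static (inside,outside) tcp interface 3390 192.168.1.11 3389 netmask 255.255.255.255
!
! One access rule per outside host, each limited to the port of the PC it may reach
access-list outside_access_in extended permit tcp host 203.0.113.10 interface outside eq 3389
access-list outside_access_in extended permit tcp host 198.51.100.20 interface outside eq 3390
access-group outside_access_in in interface outside
```

The second outside user then connects to the firewall's outside address on port 3390, for example with `mstsc /v:<outside-ip>:3390`. Keeping a specific source host on each access rule, as in the security policy described in the thread, keeps each forwarded RDP port reachable only from the outside PC it was opened for.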