Re: Need help with VLAN/Access List/RDP - Page 2

sonitadmin · ‎09-17-2009

Have an attorneys office that needs to connect via PPTP to a VPN and then RDP into a desktop to access files.

PPTP setup and working on Pix 515e. Can connect fine. When client then tries to RDP into the machine they cannot connect.

Cisco 3560 switch with VLANs configured is where I think the problem lies but can't pinpoint the issue. Clerks office is on VLAN8 with the following ACL assigned to it:

access-list 108 permit icmp any any

access-list 108 permit tcp host 10.10.0.70 any

access-list 108 permit tcp host 10.10.0.71 any

access-list 108 permit ip 10.70.0.0 0.0.255.255 any

access-list 108 permit ip 10.250.0.0 0.0.0.255 any

access-list 108 permit ip 10.254.0.0 0.0.0.255 any

access-list 108 permit tcp 10.10.0.0 0.0.255.255 any eq www

access-list 108 deny ip 172.16.1.0 0.0.0.255 any

access-list 108 deny ip 10.0.0.0 0.255.255.255 any

access-list 108 permit ip any any

When I connect via the PPTP VPN I have an IP address of 10.10.0.241. I added a line to permit any from 10.10.0.0 0.0.255.255 but that didn't allow it either so I removed it.

I have tried every command I can think of to get this to work but nothing has worked.

Any help would be appreciated.

Edison Ortiz · ‎09-17-2009

There shouldn't be anything on the Pix that's blocking this should there?

We don't know the PIX config. For PIX assistance, please repost in the firewall section of these forums.

__

Edison.

sonitadmin · ‎09-17-2009

If I can connect to PPTP through the Pix though, that should be about all that I need from there correct? I can't think of and don't see any rules that would block access. Just wanted to check that though.