Geez, I am having all kinds of problems with this SA 540. I configured a custom firewall rule as seen below. The intent is to port forward into an internal workstation and translate the port to the standard RDP port of 3389 (second image). The external client goes to rdp.domain.com:9833 to make the RDP connection. It worked for a day and then it did not. I have disabled the rule and re-enabled it, deleted it and recreated it, changed the port and nothing works. The logs don't even record a hit.
I can't restart the router until after hours, but why would that even be necessary? How about it Cisco? Is this a problem with the appliance? It is running firmware version 2.1.71.
Everything seems to be set correctly, but I have a few questions. First, I see you specified an external IP address (optional WAN). How are both WANs configured, and do you have the SA540 in load balance mode? If so, do you have any protocol binding rules enabled? If so, is the computer you're using to connect (RDP) bound out the optional WAN or the dedicated WAN? This could conflict depending on your rules.
Thanks, Jasbryan, for the quick response. The optional WAN is an active connection using FIOS. The dedicated WAN is using Road Runner. The mode is configured for failover with the Road Runner connection in standby. It just happened that way. Originally, Road Runner was to be the primary Internet connection, but it did not prove as reliable as FIOS (FIOS is faster, too).
When a user attempts a connection, it is to vpn.domain.com:9833 for example. I am to configure about six ports in all, so they will translate from 9833 through 9838 to the internal workstations at 3389. Also, there is a server that is being translated on the traditional RDP port so you have 3389 to 3389 on that one. The server works fine. If you look down the list in the below image, you will see Websense. That works, too. I am just wondering if the SA 540 is having trouble port translating multiple connections coming in on different remote ports, but going to the same local port even though it is to different computers. What do you think? This should not be a problem. I do this exact thing using other routers. As a test, I disabled the first RDP rule in the list and there was no change.
This really has me stumped.
If the image is not viewable in this post, save it to your computer and then view it.
The problem was a group policy on Windows workstations the client had not told me about. It limited remote desktop connections to only requests made on the local subnet. When the policy was changed to accept all requests for remote desktop connections, the port translation on the firewall worked.
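The root cause above was on the host, not the SA 540, so it helps to rule out the workstation before touching the edge device. The following PowerShell is an added diagnostic, not code from the thread or from Cisco: run on the workstation that receives the forwarded 98xx-to-3389 traffic, it reports whether anything is listening on 3389 and whether the inbound Remote Desktop firewall rules are scoped to LocalSubnet, which is the usual form a "local subnet only" group policy restriction takes. It assumes Windows 8 / Server 2012 or later (NetSecurity module) and an elevated prompt.

```powershell
# Added diagnostic (not from the thread). Run in an elevated PowerShell on the
# workstation the firewall forwards 98xx -> 3389 to. Assumes the NetSecurity
# module (Windows 8 / Server 2012 and later).

function Test-RdpReachability {
    [CmdletBinding()]
    param([int]$Port = 3389)

    $findings = @()

    # 1. Is the Remote Desktop service actually listening on the expected port?
    $listener = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    if (-not $listener) {
        $findings += "Nothing is listening on TCP/$Port; check the Remote Desktop service and that remote connections are enabled."
    }

    # 2. Inspect every enabled inbound rule in the Remote Desktop group and its remote-address scope.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
    if (-not $rules) {
        $findings += "No enabled inbound rule in the 'Remote Desktop' group; forwarded traffic will be dropped by the host firewall."
    }
    foreach ($rule in $rules) {
        $addr = $rule | Get-NetFirewallAddressFilter
        # A LocalSubnet scope (typically pushed by GPO) refuses traffic that arrives through the
        # edge NAT, because the source address is the remote client's public address.
        if ($addr.RemoteAddress -contains 'LocalSubnet') {
            $findings += "Rule '$($rule.DisplayName)' (source: $($rule.PolicyStoreSource)) is scoped to LocalSubnet; NAT-forwarded RDP from outside will be refused."
        }
    }

    if ($findings.Count -eq 0) {
        "OK: listening on TCP/$Port and Remote Desktop rules accept addresses beyond the local subnet."
    } else {
        $findings
    }
}

Test-RdpReachability
```

The PolicyStoreSource value tells you whether a restrictive rule came from a GPO (it names the policy) or was set locally, which is what you need to know before asking the client to change it.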