
RDP to VPN Clients

Hi

I have a rule to allow a LAN PC to connect to a Remote Access VPN user. The rule allows ICMP, RPC (tcp/135), RDP (tcp/3389) and SCCM RC ports (tcp/2701, tcp/2702, udp/2701, udp/2702).

From the LAN PC I can successfully ping the RA VPN machine. I can also successfully telnet on port 135. In the logs I see these hitting the VPN blade and the traffic being encrypted. However, I cannot successfully telnet on ports 3389, 2701 or 2702. I see the outgoing traffic hitting the VPN blade and being encrypted, but I then also see additional log entries that hit the firewall blade and have the message "address spoofing".

I have checked encryption domains and routing and it all looks fine. What I don't understand is why I can ping the remote machine and telnet works for one port but does not work for other ports. Why is this traffic not being encrypted even though it is initially hitting the same rule?

Is there something specific to allow RDP or RC services over VPN? Has anyone encountered this?

Thanks
Roy

0 Kudos
2 Replies

Check if you have this enabled?

[Attached screenshot: Anotação 2020-03-26 112908.png]

0 Kudos

Henrique

No, that option is not enabled. I did consider it as a possibility, but it still does not answer why it works for some ports and not other ports.

Roy

0 Kudos