Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Anders_Gustafss
Explorer

RDP to VPN Mobile clients doesn´t work

Hi,

Is there any problem to do a RDP session to VPN Mobile clients?

Everything works as normal with the RDP connection until the remote user is allowing remote access to their computer (clicking OK to allow it), then the VPN connection gets disconnected and no RDP session is possible.

We have rules that allow RDP to  do remote sessions to VPN Mobile clients on the Office Mode IP-adresses.

We are using a domain administrator account for the RDP session.

What could be wrong or is this a security feature that should disconnect this type of remote session?

Regards
Anders

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

Do you have this property enabled to allow back connections?

Screen Shot 2021-05-28 at 12.35.19 PM.png

0 Kudos
Anders_Gustafss
Explorer

Yes, we have that property enabled and we have other gateway to client communication that works, it's just RDP that won't work.

We have ManageEngines Desktop Central as computer management system, but the remote session consol is a little bit complicated to use so we want to use RDP instead for easier access to VPN connected clients and give help to our remote users. I hope there is a solution for this.



0 Kudos
Timothy_Hall
Champion
Champion

Best bet would be to run a fw monitor -F capture of the RDP traffic on the firewall, this will allow you to see if it is being dropped by the firewall, dropped or not returned by the client, or is some kind of routing problem. Just be careful and double-check your fw monitor -F syntax as making a mistake will give you a completely unfiltered capture.  If it appears to be getting dropped on the firewall, fw ctl zdebug drop would be the next command to run to see why.

Could it be that this RDP traffic is getting inappropriately NATted by the firewall prior to being put into the RA VPN tunnel and then returning in the clear?  You may need an anti-NAT rule for these types of RDP connections.  

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Anders_Gustafss
Explorer

I have now done the fw monitor -F command with a filter to only see RDP traffic between a computer from my company to a remote VPN Mobile client. This is the last logging before the connection is broken (172.X.X.221 is the computer at my company and the "10.X.X.21" is the remote VPN Mobile clients IP:

TCP: 64381 -> 3389 ...PA. seq=97965d68 ack=9dc065be
[vs_0][ppak_0] eth1-01.2:i[40]: 172.X.X.221 -> 10.X.X.21 (TCP) len=40 id=9533
TCP: 64381 -> 3389 ..R.A. seq=979661ca ack=9dc065be
[vs_0][fw_2] eth1-01.2:I[40]: 172.X.X.221 -> 10.X.X.21 (TCP) len=40 id=9533
TCP: 64381 -> 3389 ..R.A. seq=979661ca ack=9dc065be
[vs_0][fw_2] eth1:o[40]: 172.X.X.221 -> 10.X.X.21 (TCP) len=40 id=9533
TCP: 64381 -> 3389 ..R.A. seq=979661ca ack=9dc065be
[vs_0][ppak_0] eth1:Oe[40]: 172.X.X.221 -> 10.X.X.21 (TCP) len=40 id=9533
TCP: 64381 -> 3389 ..R.A. seq=979661ca ack=9dc065be

And here are the first "drop" loggings after the VPN connection is down with the fw ctl zdebug + drop | grep '10.X.X.12'

@;1584313098;[cpu_0];[SIM-209104189];sim (vpn_encrypt): drop due vpn_ipsec_encrypt returns PKT_DROP(3), conn: <172.X.X.221,63511,10.X.X.12,3389,6>;
@;1584313098;[cpu_0];[SIM-209104189];handle_vpn_encryption: ipsec_encrypt failed: failed to find SA. Dropping packet... conn: <172.X.X.221,63511,10.X.X.12,3389,6>;
@;1584313098;[cpu_0];[SIM-209104189];sim_pkt_send_drop_notification: (0,2) received drop, reason: Encryption Failed, conn: <172.X.X.221,63511,10.X.X.12,3389,6>;
@;1584313098;[cpu_0];[SIM-209104189];sim_pkt_send_drop_notification: sending packet dropped notification drop mode: 0 debug mode: 1 send as is: 0 track_lvl: -1, conn: <172.X.X.221,63511,10.X.X.12,3389,6>;
@;1584313098;[cpu_0];[SIM-209104189];sim_pkt_send_drop_notification: sending single drop notification, conn: <172.X.X.221,63511,10.X.X.12,3389,6>;
@;1584313099;[cpu_0];[SIM-209104189];do_packet_finish: SIMPKT_IN_DROP vsid=0, conn:<172.X.X.221,63511,10.X.X.12,3389,6>;

We have no NAT between the Office Mode IP addresses and the internal network so I don't think it's a NAT problem.

Can anyone help me interpret these logs above?

In my opinion I think it's the remote VPN Mobile client that imediately closes the connection when the new admin user from the company computer is taking over (logging on) the loggedon users remote computer. It seems that the VPN Mobile client session only "follows" the for moment loggedon user.


0 Kudos
Francisco_Sachi
Participant

Hello Anders, can u find a solution for this issue?

0 Kudos