jolly403
MIS
- Jul 5, 2005
- 17
I've got to do a temporary solution to give an internal user Windows Remote Desktop Access to a server on the internet. I know this isn't ideal and there are much better ways, but...
Layout is:
internal>>>CP>>>Switch(for monitoring)>>>Cisco 1841 with DSL card>>>Internet>>>Remote Server
The Checkpoint is doing hide NAT for all internal clients. The Checkpoint's external interface has a private address, so the Cisco, which has our public address, does NAT overload to the dialer interface. There is a rule in the Checkpoint allowing Terminal Services (port 3389) to any.
When I launch the remote desktop connection from internally, I see the connection attempt in the firewall logs but nothing else. Same when I capture the traffic at the firewall with fw monitor.
However, if I plug a laptop into the switch between the firewall and Cisco (effectively bypassing the firewall), I connect with no problems. Other services work fine (HTTP with a resource, etc).
Any input is greatly appreciated.
Brian