unable to connect to network-client clients from inside

SOLVED
New Contributor

Hi there

We use a SA4000 in 6.0R2. We need to connect to a server process on the NC clients. For instance, the RDP service on the remote laptop from our help-desk in the inside network. TCP SYN packets from inside disappear in the IVE rather than being encapsulated in the SSL connection on the outside.

Client applications on remote PCs run as expected.

3 REPLIES 3
New Contributor

Re: unable to connect to network-client clients from inside

Check your NC access control policies for the target clients. Create a policy like tcp://*:*, udp://*:*, icmp://*:* for testing and try again to see if it works.

In my opinion the NC ACLs on the IVE are a bit confusing, as there is no way to define the traffic direction, i.e. "From/To" NC clients - at least I haven't found it yet.

Hope this helps.

New Contributor

Re: unable to connect to network-client clients from inside

Thanks Jenska

I put a rule that looks like tcp://@IPhelpdesk>/* and it works. This rule allows helpdesk to connect to the NC clients, but it permits the NC clients to connect to any ports on the helpdesk PCs. Fortunately, the downstream firewall gets that threat away.

Occasional Contributor

Re: unable to connect to network-client clients from inside

I'm having the same issues... I was pretty sure it was working with:

tcp://<helpdesk ip's>/<mask>:3389,5900

However, it's now not working....

However, if I put * for the port, it works! But I use the VPN for access restriction, so I'd have to redo the firewall again.

It seems for Inside --> NC Clients it needs * for ports?!?!?

I'll do some sniffing tomorrow....