Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Can't connect to remote clients via RDP using VPN from remote client on VPN

SmackieSmackie Newbie ✭

I can connect to servers on prem via our NetExtender SSLVPN using RDP but if I try to connect to remote clients which are also VPN connected I cannot connect and get the error, "Remote Desktop can't connect to the remote computer for one of these reasons..." (See attached Capture1.jpg).

I tried pinging the remote VPN connected device noting both devices had a local IP from our on prem network. The ping failed to get any responses.

I ran gpresult /Scope Computer /v and saw the following GPO was listed

Result included: 

GPO: Enable Remote Desktop

Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections

Value: 0, 0, 0, 0

State: Enabled

I followed two methods (1. GUI and 3. Command Line) from this web site to try and authorize RDPing into the clients both of which are offsite but VPN connected. https://www.interfacett.com/blogs/methods-to-enable-and-disable-remote-desktop-locally/

Commands run:

Reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 0 /f

Netsh advfirewall firewall set rule group=”remote desktop” new enable=yes

We rebooted the machines and restarted the VPNs and we were unsuccessful getting a connection using Netextender using the machine names.

I tried using the local on prem IP address as the address for the RDP connection but that failed as well.

I'm wondering if the SSLVPN client settings are preventing the connection. See Capute2.png attached. Any ideas?


)

Category: SonicWave
Reply

Answers

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭

    Not sure why you put this under Sonicwave category, but anyways...

    Why would you expect RDP over VPN client to another VPN client to work? Theoretically possible, but seems like a bad idea to me.

    Is the SSLVPN Client config allowing access to the SSLVPN IPV4 address object? Did you create access rules allowing RDP (or any) traffic to SSLVPN zone, from SSLVPN zone?

Sign In or Register to comment.