Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
Junior Member
Join Date: Sep 2009
Posts: 11
#1 (permalink)  
Old 06-06-2011, 11:54 AM
Default Astaro Secure Client - remote desktop drops when VPN connection is initiated

Hi all,

I have a problem wit the Astaro secure client. Previously we had a virtual machine setup that was allowing us to connect to the remote client site using ASC. We were and still are able to remote desktop to it and then connect using ASC. It all works fine but recently we moved (converted) the machine to the new one that resides in new Virtual Environment. Since the conversion as soon as we initialize the ASC and establish connection, remote desktop connection to the server dies and the only way to get back on the machine is through the vSphere client and console session.

Why would that happen? Is there any particular setting that is responsible for split tunneling? I have double checked astaro confirguration on both VMs and it is all the same.

Help would be much appreciated.

Regards,
Tom
Reply With Quote
BAlfson's Avatar
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,099
#2 (permalink)  
Old 06-06-2011, 01:10 PM
Default

I'm confused - do you establish the remote session via a site-to-site VPN, and then attempt a second SPN via Remote Access with the ACS? Depending on the subnets, you might have an IP conflict.

Also, is the RDP connection is via a DNAT from a public IP, and is that public IP the same one to which you connect with the ASC? If so, then the RDP session stops because, after the IPsec tunnel is established, the public IP the RDP knows is no longer routable for your PC.

Was either one of those your issue?

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Reply With Quote
Junior Member
Join Date: Sep 2009
Posts: 11
#3 (permalink)  
Old 06-06-2011, 05:01 PM
Default

Ok, it might be something to do with the network the server resides on.

So previous setup that worked/still works:
User computer on the subnet X connects to the Server on the subnet X - via RDP
On the Server user initiates Astaro to connect to another site over VPN - connects no problem and the RDP is active

New setup that doesn't work
User computer on the subnet X connects to the Server on the subnet Y (DMZ but with enabled traffic now) - via RDP
On the server when users enables Astaro, the remote connection to this server drops.
Will that be because of different subnet? Is there a way of configuring it?

Cheers,
Tom
Reply With Quote
Moderator
Join Date: Jul 2001
Location: southern California
Posts: 12,033
#4 (permalink)  
Old 06-06-2011, 09:28 PM
Default

Hi, if you have an RDP connection active, and then connect to a VPN which changes the route to the RDP server, then the RDP session is likely to get messed up and disconnected. The same thing happens with SSH sessions.

Barry
__________________
http://BlogSec.net
http://JobOyster.com
http://DealBert.net
IT Consultant specializing in high-performance Web Infrastructure and Security.
Astaro End-user since v1.x
  • ASL 9.2x, HP DL360G5 - FW, IPS, VPNs
  • ASL 9.2x, 2 Dell 1950's as WAF/proxy w HA
  • UTM 9.1x, Atom n270, 2GB RAM, 2 Intel GigE
    Netgear GS108T gigE switch & Astaro AP30 Access Point with 4 VLANs.
    60/60mbit FiOS internet.
  • Pending - UTM 9.2x, i5-4670, 4GB RAM, 2 Intel GigE
    Needs new NIC drivers before deploying
Reply With Quote
Junior Member
Join Date: Sep 2009
Posts: 11
#5 (permalink)  
Old 06-07-2011, 11:20 AM
Default

But it works perfectly on the old VM machine - where RDP sesion is remaining active....
Any ideas?

Regards,
Tom
Reply With Quote
BAlfson's Avatar
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,099
#6 (permalink)  
Old 06-08-2011, 10:41 PM
Default

It works on the old setup because both RDP client and server were in the same subnet. You have some networking issue, but it's hard to guess. I think if you make a diagram for yourself, showing the IPs and subnets before and after connecting the VPN, you will see your problem.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Reply With Quote
Junior Member
Join Date: May 2012
Posts: 1
#7 (permalink)  
Old 05-11-2012, 05:27 PM
Default Remote Desktop Connection Setup with the Astaro Firewall

I have an Astaro 425 Firewalll, and the I need to allow remote desktop connection from windows OS using an external IP address.

Can I do that? Is that possible to setup on the firewall a external IP address pointed to an internal IP address?

Please repond as soon as possible.

Regards,
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 03:39 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.