RDP NAT/FORWARD



  • Hi Guys,
    We are using pfSense in production between two subnets. The main gateway is a Cisco ASA, which is forwarding all the traffic to the pfSense WAN IP 192.168.100.20.

    The pfSense WAN side is 192.168.100.20 and the LAN is 10.0.0.0/24.
    There are servers behind the pfSense which need to be accessible from the LAN of the ASA, 192.168.100.0/24.
    The "block private and bogon networks" option is unchecked.
    So I've NATed the MS RDP port 3389 to the host 10.0.0.20. I even forwarded the port on the WAN side and it did not work.
    Do I have to NAT or forward the port in order to get RDP working?
    Whenever I run an RDP session to a server behind pfSense, the RDP fails.

    Thank you



  • Do I have to NAT or forward the port in order to get RDP working?

    Yes, of course.  Show your port forward and WAN rule.



  • @KOM:

    Do I have to NAT or forward the port in order to get RDP working?

    Yes, of course.  Show your port forward and WAN rule.

    Tomorrow when I am in the office I will upload the rules screenshots.
    Do you mean I need both NAT and rules?
    I mean, when you create a NAT, does it automatically create a rule on the WAN side?


  • Banned

    When your "WAN side is 192.168.100.20", obviously no forwarding will be possible without configuring the "upstream" router first.



  • Do you mean I need both NAT and rules?
    I mean, when you create a NAT, does it automatically create a rule on the WAN side?

    Yes.  Normally the associated firewall rule is automatically created unless you tell it not to.

    When your "WAN side is 192.168.100.20", obviously no forwarding will be possible without configuring the "upstream" router first.

    He mentioned LAN-side on the Cisco so I'm assuming he's trying to access from 192.168.110.x.  Can you clarify, Jamerson?  Which network are you trying to come in from?



  • @KOM:

    Do you mean I need both NAT and rules?
    I mean, when you create a NAT, does it automatically create a rule on the WAN side?

    Yes.  Normally the associated firewall rule is automatically created unless you tell it not to.

    When your "WAN side is 192.168.100.20", obviously no forwarding will be possible without configuring the "upstream" router first.

    He mentioned LAN-side on the Cisco so I'm assuming he's trying to access from 192.168.110.x.  Can you clarify, Jamerson?  Which network are you trying to come in from?

    Thank you so much, guys.
    I had to reboot the pfSense and stuff started working.
    Probably something hung after creating the NAT rule; the reboot fixed it.

    Much appreciate your support.

