Hi,

I am trying to RDP to a computer (115.112.218.144) on the Internet and it's not working. My computer (192.168.168.65) is going through a SonicWall firewall.

Firewall LAN IP: 192.168.168.168

Firewall WAN IP: 192.168.1.5

The modem has a public IP.

Source: 192.168.168.65

Destination: 115.112.218.144

I did a packet capture on my SonicWall firewall and found that SYN is sent from 192.168.168.65 to 115.112.218.144, SYN_ACK is received from 115.112.218.144 to 192.168.168.65, and then immediately RST,ACK is received from 115.112.218.144 to 192.168.168.65.

This issue is intermittent. If I bypass the firewall, everything is working fine.

Following are the packets captured from the SonicWall. Please suggest.

Thanks in advance.

asked 22 Jun '14, 01:38 Dan Joseph edited 22 Jun '14, 02:04
One Answer:
According to your description (i.e. works without the Firewall), I conclude that the firewall blocks the connection itself for whatever reason by sending RESET itself.

Just one example: The RST-ACK in frame #19 is at the same time stamp as the SYN-ACK in frame #17. I guess the firewall generated the RESET itself because it did not like something in the SYN-ACK or because there is a policy that does not allow the connection.

To verify my assumption, please do not capture on the firewall. Instead capture between the firewall and the modem, using one of the methods described in the Ethernet Capture Setup. If I'm right, you won't see the RST-ACK there.

Then you could enable packet tracing within the SonicWall to figure out what's going on in the firewall. See the Packet Trace tool, and other Sonicwall CLI tools (please ask your local Sonicwall guru!)

Regards

answered 22 Jun '14, 04:30 Kurt Knochner ♦ edited 22 Jun '14, 04:43
Can you upload the capture for better analysis? It's clear that RST is being sent by 115.112.218.144, but one more thing I want to look at is the IP.ID field on the SYN-ACK and RST packets from 115.112.218.144. Are they the same or different?
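
The two checks raised in this thread (a RST-ACK carrying the same timestamp as the SYN-ACK, and comparing the IP ID of those two packets) can be run over exported capture fields. The following is an added example, not part of the original posts: the packet rows are constructed, the TTL comparison is an extra heuristic not mentioned in the thread, and the input is assumed to be tab-separated `tshark -T fields` output.

```python
# Added example: rows below are constructed, not the capture from this thread.
# Assumed input: tab-separated output of
#   tshark -r FILE -T fields -e frame.number -e frame.time_relative -e ip.src \
#     -e ip.dst -e tcp.srcport -e tcp.dstport -e ip.id -e ip.ttl -e tcp.flags
C, S = "192.168.168.65", "115.112.218.144"
SAMPLE = "\n".join("\t".join(row) for row in [
    # no,  time,       src, dst, sport,  dport,  ip.id,    ttl,   tcp.flags
    ("15", "0.000000", C, S, "50123", "3389", "0x1c2a", "128", "0x0002"),  # SYN
    ("17", "0.212000", S, C, "3389", "50123", "0x5f10", "113", "0x0012"),  # SYN-ACK
    ("19", "0.212000", S, C, "3389", "50123", "0x0001", "64", "0x0014"),   # RST-ACK
    ("30", "5.000000", C, S, "50124", "3389", "0x1c40", "128", "0x0002"),  # SYN
    ("31", "5.210000", S, C, "3389", "50124", "0x5f11", "113", "0x0012"),  # SYN-ACK
    ("32", "5.210400", C, S, "50124", "3389", "0x1c41", "128", "0x0010"),  # ACK
    ("40", "9.500000", S, C, "3389", "50124", "0x5f14", "113", "0x0014"),  # RST-ACK
])

SYN, RST, ACK = 0x02, 0x04, 0x10

def parse(text):
    """Yield one dict per exported packet row."""
    for line in text.strip().splitlines():
        no, t, src, dst, sp, dp, ipid, ttl, flags = line.split("\t")
        yield dict(no=int(no), t=float(t), flow=(src, int(sp), dst, int(dp)),
                   ipid=int(ipid, 16), ttl=int(ttl), flags=int(flags, 16))

def suspicious_resets(text, max_gap=0.001, max_id_step=64):
    """Return (synack_frame, rst_frame, reasons) for RSTs that do not look
    like they came from the same host that sent the SYN-ACK."""
    last_synack, findings = {}, []
    for p in parse(text):
        if p["flags"] & (SYN | ACK) == (SYN | ACK):
            last_synack[p["flow"]] = p          # remember per direction
        elif p["flags"] & RST and p["flow"] in last_synack:
            sa, reasons = last_synack[p["flow"]], []
            if p["t"] - sa["t"] <= max_gap:
                reasons.append("same timestamp as SYN-ACK")
            if p["ttl"] != sa["ttl"]:
                reasons.append(f"TTL {sa['ttl']} -> {p['ttl']}")
            if (p["ipid"] - sa["ipid"]) % 65536 > max_id_step:
                reasons.append("IP ID not sequential")
            if reasons:
                findings.append((sa["no"], p["no"], reasons))
    return findings

if __name__ == "__main__":
    for synack, rst, why in suspicious_resets(SAMPLE):
        print(f"RST in frame {rst} after SYN-ACK in frame {synack}: {', '.join(why)}")
```

Some stacks send IP ID 0 on packets with DF set, so treat the IP ID reason as a hint rather than proof, and confirm with a capture taken between the firewall and the modem.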