Situation: The client has a site-to-site VPN connecting the head office and a remote office. Computers whose IP addresses were already added to the firewall work fine. However, when the client adds more IP addresses to the inbound policy at the remote office, the new IP addresses don't work.
Troubleshooting: We do see those IP addresses in the remote office PA firewall. Note: Go to POLICY > Security and check the IPSec inbound policy.
In the Head Office PA firewall, we check the Monitor and find that traffic from those IP addresses to the Remote Office on port 3389 was denied.
Checking the Head Office PA firewall's IPSec outbound policy, we don't see those IP addresses in it.
Adding those IP addresses to the Head Office PA firewall's IPSec outbound policy fixes the problem. The traffic has to be permitted on both sides of the tunnel: by the outbound policy at the Head Office before it enters the tunnel, and by the inbound policy at the Remote Office when it arrives.
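To catch this kind of mismatch before users report it, the source lists of the two policies can be compared offline. The script below is an added example, not part of the original write-up: the function names and the sample addresses are constructed, and it assumes IPv4 entries written as a host, a CIDR block, or a `start-end` range, copied by hand from each firewall.

```python
import ipaddress

def parse_entry(entry):
    """Return (first, last) integer bounds for a host, CIDR or 'a-b' range entry."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (int(ipaddress.ip_address(p.strip())) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {entry}")
        return lo, hi
    net = ipaddress.ip_network(entry, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def merge(spans):
    """Merge overlapping or adjacent spans so split entries still count as coverage."""
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged

def missing_on_outbound(remote_inbound, head_outbound):
    """Entries the remote inbound policy allows but the head-office
    outbound policy does not fully cover (the failure described above)."""
    covered = merge(parse_entry(e) for e in head_outbound)
    gaps = []
    for entry in remote_inbound:
        lo, hi = parse_entry(entry)
        if not any(c_lo <= lo and hi <= c_hi for c_lo, c_hi in covered):
            gaps.append(entry)
    return gaps

# Constructed sample data: source addresses as listed in each policy.
REMOTE_INBOUND = ["10.10.20.11", "10.10.20.12", "10.10.20.50",
                  "10.10.20.64/28", "10.10.21.5-10.10.21.9"]
HEAD_OUTBOUND = ["10.10.20.11", "10.10.20.12",
                 "10.10.20.64/27", "10.10.21.5-10.10.21.7"]

if __name__ == "__main__":
    for entry in missing_on_outbound(REMOTE_INBOUND, HEAD_OUTBOUND):
        print("not permitted by head-office outbound policy:", entry)
```

A partially covered range is reported as a gap, since some of its hosts would still be denied at the Head Office.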