I am having problem with Windows remote desktop gateway service from external network.

My Scenarios are as:

I am using self-sign certificate.

 

Rdweb acess :

DNS entry for Vdi.abctest.com.au external network is resolving ok DNS entry for Vdi.abctest.com.au internal network is 192.168.30.51 which resolving ok for internal network.

 

Ad01.abctest.local =  = 192.168.30.40 Ad02.abctest.local =  = 192.168.30.40

System01.abctest.local  = 192.168.30.50 Broker01.abctest.local = 192.168.30.51 [ RDweb and Gateway]

All server gateway is : 192.168.30.1

MY ASA Firewall entry: 

object network vid  host 192.168.30.51

object network vdi-tcp  host 192.168.30.51

access-list outside_access_in extended permit tcp any object vdi eq 443 access-list outside_access_in extended permit udp any object vdi-tcp eq 3391

object network vdi  nat (inside,outside) static interface service udp 3391 3391

object network vdi-tcp  nat (inside,outside) static interface service tcp https https

 

I could access RDweb from local network through https://Vdi.abctest.com.au/Rdweb  and use all publish application without any problem.

 

 

 

I could access Rdweb from external network through https://Vdi.abctest.com.au/Rdweb.  I could able to login

To check with my configuration: I updated DefaultTSGwatway to web URL:

 

 

 

Anyone could point me out what I am missing?

According to my understanding with windows 2012 R2 gateway service I dont need to open 3389 port.

Only 443 and 3391 [UDP] should be ok.

Thank you all in advance.

• Edited by Mohammad Salaque 6 hours 22 minutes ago