I have a routed point to point link. Segment B will allow RDP connections to Segment A. Segment A however will not allow RDP to segment B. This is purely routed and no NAT. We can see the traffic trying to pass to segment B, oddly enough though the TX value shows as 0. We know that the PCs are working properly. Any ideas? The OS version is 4.11.
Firewall filters?
Hard to guess without seeing your configuration. Routes, IP addressing and the firewalls (mangle, NAT and filter at least).
Segment A has a Windows 2008 server where RDP works coming from segment B. The configuration is as follows.
Segment A
Eth0=192.168.200.2 Wireless=192.168.212.1
routes: 0.0.0.0 gateway 192.168.200.1
192.168.211.0 gateway 192.168.212.2
Segment B
Eth0=192.168.211.1 Wireless=192.168.212.2
route: 0.0.0.0 gateway 192.168.212.1
Neither mangle, NAT nor any other filter is used. As you can see it is fairly simple. RDP will work locally on segment B and will work from segment B to A but not A to B.
You should do this in your firewall:
RDP is using port 3389
<anything else that you want to permit, ICMP for example>
Segment B --RDP--> Segment A - Permit
Segment A --RDP--> Segment B - Permit established
ANY ------> ANY Deny
Established means that it will permit traffic where SRC is sending response traffic.
Ok, but again keep in mind that no firewall rules or filters are set up at all. It is simple routing. Are you saying I should make a rule to specifically allow this even though no filters exist? Thanks again.
The routes look fine and you do not need firewall rules because you specified that it is routing. It looks like a problem with the Windows firewall or something like that. Try pinging the PCs and verify that RDP is enabled on the PCs.
Another issue I see is that your static route says 192.168.211.0 gateway=x.x.x; I hope that you put the mask /24.
I confirmed that the Windows firewall is allowing RDP from remote segments. This issue is thoroughly confusing. I can RDP to other PCs on different segments, just not to this segment.
This may be off the wall, but how is your wireless link set up? Are you using WDS, MPLS, Pseudobridge?
-Louis
Question is still relevant: can you ping hosts on the other segment?
Try to add those filter rules (just the permit ones) and check for traffic hits. It will tell you at least what the router is seeing and help troubleshoot it from a packet perspective.
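A RouterOS form of the permit rules and the /24 route discussed in this thread, as an added example rather than something any poster supplied; it assumes both LAN segments are /24 networks and is entered on the Segment A router, which is the one holding the 192.168.211.0 route.

```routeros
# Added example, not from the thread. Assumes both LAN segments are /24
# and that these commands run on the Segment A router (Eth0=192.168.200.2).

# Static route to Segment B with an explicit mask, as raised above.
/ip route add dst-address=192.168.211.0/24 gateway=192.168.212.2

# Permit-only forward rules for troubleshooting; each rule keeps a packet
# counter, so the counters show what the router is actually forwarding.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="replies to sessions already opened (RDP return traffic)"
add chain=forward protocol=tcp dst-port=3389 \
    src-address=192.168.211.0/24 dst-address=192.168.200.0/24 \
    action=accept comment="RDP from Segment B to Segment A"
add chain=forward protocol=tcp dst-port=3389 \
    src-address=192.168.200.0/24 dst-address=192.168.211.0/24 \
    action=accept comment="RDP from Segment A to Segment B"
add chain=forward protocol=icmp action=accept \
    comment="ping for reachability tests between segments"
# The final ANY -> ANY deny from the earlier rule set is left out on purpose
# while troubleshooting so nothing else is silently dropped:
# add chain=forward action=drop comment="ANY -> ANY deny"

# After attempting RDP from A to B, read the hit counters. If the
# "Segment A to Segment B" rule stays at 0 packets, the router never saw
# the SYN; if it counts but the established rule does not, no reply came back.
/ip firewall filter print stats
```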