
Access List

James Bond

Diamond Member
I have a small network set up. I need to allow an outside user to RDP into one of the servers on my network.

I have created an access list to allow the RDP traffic into the network:
access-list remote extended permit tcp host x.x.x.x host ?.?.?.? eq 3389

How can I get to the server if it is inside the network though? Do I need to create a NAT translation?

Thanks!
 
indeed...something like this:

ip nat inside source static tcp <inside ip> 3389 interface <your outside interface> 3389
 
Originally posted by: jlazzaro
indeed...something like this:

ip nat inside source static tcp <inside ip> 3389 interface <your outside interface> 3389

Thanks for the reply, I'm having a new issue now 🙂

I just created the NAT statement and it gave me an error saying there was an overlap. I attempted to RDP and got in, but it took me to the wrong host!

I went and looked at the config, and noticed that there was already a NAT created for RDP connections, which led to a different IP. I'm a little surprised, though, because I thought the lines I put in were specific enough that RDP connections from MY external IP would always go to that specific server. Maybe the other NAT statement is so broad that "ANY incoming RDP connections will go to x.x.x.x"

Pre-Existing RDP NAT statement:
static (Internal-201,ELI-External) tcp interface 3389 USERS_PC_IP 3389 netmask 255.255.255.255

My new RDP NAT statement:
static (Internal-201,ELI-External) tcp MY_EXTERNAL_IP 3389 SERVER_INTERNAL_IP 3389 netmask 255.255.255.255

Is the first statement just so broad? What exactly does 'interface' mean in the first case? "Any requests coming from the outbound INTERFACE will be redirected to USERS_PC_IP?"
 
Anything coming TO the outside interface will be translated if it's on tcp port 3389.

-edit-
to be more specific, anything coming to the outside interface IP address.
 
Wouldn't a statement like that cause anyone connecting to the external ip on 3389 to be connected to that specific internal server? What if you needed to RDP into a different server/station from outside the network?
 
You would need to use a different outside IP address or use access lists to specify the source of the device connecting.

If source is A connecting to C, then use D inside address
If source is B connecting to C, then use E inside address
 
Originally posted by: spidey07
You would need to use a different outside IP address or use access lists to specify the source of the device connecting.

If source is A connecting to C, then use D inside address
If source is B connecting to C, then use E inside address
alternatively, connect to a different outside port number and redirect it to your inside server over 3389
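Added example, not from any poster in this thread: a small Python model of how a pre-8.3 ASA-style static PAT table chooses a translation, showing why the two "tcp ... 3389" entries above overlap and walking through the three fixes the replies propose (a policy static keyed on the connecting source, a second outside address, and a different outside port). It assumes a simplified matching model: a plain static is keyed only on the mapped (outside) address and port and ignores the source, and policy statics with an access-list are evaluated before plain ones. All addresses are constructed documentation/private ranges, not anyone's real hosts.

```python
"""Model of static PAT selection on an ASA-style firewall (added example,
simplified; not the firewall's actual code). Assumption: a plain static is
matched on destination ip/port only; policy statics (with a source ACL) are
checked first. Addresses below are constructed sample values."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

OUTSIDE_INTERFACE_IP = "203.0.113.10"  # constructed: the firewall's outside address


@dataclass
class StaticRule:
    """One 'static (inside,outside) tcp <mapped> <mport> <real> <rport>' entry."""
    name: str
    mapped_ip: str            # outside address clients connect to
    mapped_port: int
    real_ip: str              # inside host the connection is translated to
    real_port: int
    src_acl: Optional[List[str]] = None  # policy NAT source networks; None = any source

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        if (dst_ip, dst_port) != (self.mapped_ip, self.mapped_port):
            return False
        if self.src_acl is None:          # plain static: the source is never consulted
            return True
        return any(ip_address(src_ip) in ip_network(net) for net in self.src_acl)

    def scope(self):
        return None if self.src_acl is None else tuple(sorted(self.src_acl))


def mapped(token: str) -> str:
    """The 'interface' keyword in the mapped-address slot means the outside interface IP."""
    return OUTSIDE_INTERFACE_IP if token == "interface" else token


class NatTable:
    def __init__(self) -> None:
        self.rules: List[StaticRule] = []

    def add(self, rule: StaticRule) -> None:
        # Two entries claiming the same mapped socket for the same source scope
        # cannot both be installed: this is the 'overlap' error the OP hit.
        for existing in self.rules:
            same_socket = (existing.mapped_ip, existing.mapped_port) == (rule.mapped_ip, rule.mapped_port)
            if same_socket and existing.scope() == rule.scope():
                raise ValueError(f"overlap: {rule.name} conflicts with {existing.name}")
        self.rules.append(rule)

    def translate(self, src_ip: str, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        # Policy (ACL) statics first, then plain statics (assumed evaluation order).
        for rule in sorted(self.rules, key=lambda r: r.src_acl is None):
            if rule.matches(src_ip, dst_ip, dst_port):
                return (rule.real_ip, rule.real_port)
        return None


ME = "198.51.100.7"        # constructed: the OP's external address
OTHER = "192.0.2.44"       # constructed: some other internet host
USERS_PC = "10.1.201.50"   # constructed inside hosts
SERVER = "10.1.201.20"


def thread_scenario() -> dict:
    """Reproduce the thread's situation, then each proposed fix."""
    out = {}
    # Starting point: an any-source rule already owns outside:3389.
    table = NatTable()
    table.add(StaticRule("users_pc", mapped("interface"), 3389, USERS_PC, 3389))
    try:
        table.add(StaticRule("server", mapped("interface"), 3389, SERVER, 3389))
        out["overlap"] = None
    except ValueError as err:
        out["overlap"] = str(err)
    out["before_me"] = table.translate(ME, OUTSIDE_INTERFACE_IP, 3389)  # wrong host

    # Fix 1: policy static keyed on the connecting source (access-list approach).
    table = NatTable()
    table.add(StaticRule("users_pc", mapped("interface"), 3389, USERS_PC, 3389))
    table.add(StaticRule("server_for_me", mapped("interface"), 3389, SERVER, 3389, src_acl=[ME + "/32"]))
    out["policy_me"] = table.translate(ME, OUTSIDE_INTERFACE_IP, 3389)
    out["policy_other"] = table.translate(OTHER, OUTSIDE_INTERFACE_IP, 3389)

    # Fix 2: a second outside address dedicated to the server.
    table = NatTable()
    table.add(StaticRule("users_pc", mapped("interface"), 3389, USERS_PC, 3389))
    table.add(StaticRule("server", "203.0.113.11", 3389, SERVER, 3389))
    out["second_ip"] = table.translate(ME, "203.0.113.11", 3389)

    # Fix 3: a different outside port redirected to the server's 3389.
    table = NatTable()
    table.add(StaticRule("users_pc", mapped("interface"), 3389, USERS_PC, 3389))
    table.add(StaticRule("server", mapped("interface"), 3390, SERVER, 3389))
    out["alt_port"] = table.translate(ME, OUTSIDE_INTERFACE_IP, 3390)
    out["alt_port_default"] = table.translate(ME, OUTSIDE_INTERFACE_IP, 3389)
    return out


if __name__ == "__main__":
    for key, value in thread_scenario().items():
        print(f"{key:18} {value}")
```

The point the model makes concrete is that the mapped address in a static is the destination clients connect to, not a source filter, so "MY_EXTERNAL_IP" in the OP's second statement only made it source-specific in intent; restricting by source needs the access-list (policy) form, or the connection has to be distinguished by a different outside address or port.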
 
Would seem easier to set up some sort of vpn solution and only give Terminal Service rights to that server for the specific user. Although that may be impractical depending on the size/type of the OP's network.
 