Flexology
asked on
PIX 501 RDP/Terminal Services 3389
Hello,
Apologies if this is a proper dumb question but I'm very very new to this Cisco business. I'm trying to allow an outside support company through the firewall onto one of our servers via RDP/Terminal Services. Please can I have the idiot guide to creating all the correct port maps, rules etc. to allow this company access.
The internal server IP of the server they need to access is 192.168.1.6
The IP of the support company is 82.34.162.112
They want to come in via RDP/Terminal Services: Port 3389
I only want them to access this server though and I don't want any other external IPs to come in via RDP/Terminal Services, e.g. a 1 to 1 connection from 82.34.162.112:3389 to 192.168.1.6:3389
Thanks
For the second way, you do not need to assign a public IP address. Check this solution.
https://www.experts-exchange.com/questions/20985574/Port-forwarding-on-PIX-506e.html
The only difference for the last solution is that you would have to tell it that it only accepts connections from 82.34.162.112, like this:
access-list outside_access_in permit tcp host 82.34.162.112 interface outside eq 443
ASKER CERTIFIED SOLUTION
1- Associate your internal address with an external public one, e.g. 207.x.x.x
2- Create a new ACL entry for the outside interface of your firewall accepting connections from the IP 82.34.162.112 on port 3389 for the address 207.x.x.x
static (inside,outside) 207.x.x.x 192.168.1.6 netmask 255.255.255.255 0 0 (this line associates your inside address with the outside one)
access-list acl_outside permit tcp host 82.34.162.112 host 207.x.x.x eq 3389
That's it. All requests for port 3389 on address 207.x.x.x coming from 82.34.162.112 will be accepted and forwarded.
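The two approaches from the answers above, written out as one complete PIX 6.x configuration (an added example, not either poster's own config). It assumes the placeholder public address 207.x.x.x and the ACL name acl_outside from the answer above, and adds the access-group line that binds the ACL to the outside interface; without it the access-list entry is never evaluated.

```cisco
! Option A: one-to-one static NAT to a spare public address (207.x.x.x is a placeholder)
static (inside,outside) 207.x.x.x 192.168.1.6 netmask 255.255.255.255 0 0

! Only the support company's host may reach that public address on TCP/3389
access-list acl_outside permit tcp host 82.34.162.112 host 207.x.x.x eq 3389

! Bind the ACL inbound on the outside interface; the implicit deny at the end
! of the list drops RDP attempts from every other source address
access-group acl_outside in interface outside

! Option B: no spare public address - redirect TCP/3389 on the PIX outside
! interface address itself (use instead of Option A, not in addition to it)
! static (inside,outside) tcp interface 3389 192.168.1.6 3389 netmask 255.255.255.255 0 0
! access-list acl_outside permit tcp host 82.34.162.112 interface outside eq 3389
! access-group acl_outside in interface outside

! Rebuild translations after changing static entries, then save
clear xlate
write memory

! Verify: hit counts on the ACL entry and the active translation
show access-list acl_outside
show xlate
```

After the support company connects, the hitcnt on the acl_outside entry should increase; any other source address attempting 3389 shows up as a deny in the syslog rather than a hit on this entry.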