Solved

PIX 501 RDP/Terminal Services 3389

Posted on 2004-08-29
4
1,672 Views
Last Modified: 2013-11-16
Hello,
Apologies if this is a proper dumb question but I'm very very new to this Cisco business. I'm trying to allow an outside support company through the firewall onto one of our servers via RDP/Terminal Services. Please can I have the idiot guide to creating all the correct port maps, rules etc.. to allow this company access.

The internal server IP of the server thay need to access is 192.168.1.6
The IP of the support company is 82.34.162.112
They want to come in via RDP/Terminal Services: Port 3389
I only want them to access this server though and I don't want any other external IP's to come in via RDP/Terminal Servers e.g. a 1 to 1 connection from 82.34.162.112:3389 to 192.168.1.6:3389

Thanks
0
Comment
Question by:Flexology
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
4 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 11928000
2 way to do it I guess, first, assign 1 public ip to the computer you want to remote desktop to.. ex: 207.x.x.x

1- associate your internal address with a external public one.. ex: 207.x.x.x
2- Create a new ACL entry for the outside interface of your firewall accepting connection from the ip 82.34.162.112 on port 3389 for the address 207.x.x.x


static (inside,outside) 207.x.x.x 192.168.1.6 netmask 255.255.255.255 0 0    (this line is to associate the your inside address to the outside one)
access-list acl_outside permit tcp host 82.34.162.112 host 207.x.x.x eq 3389

that's it.. all request for port 3389 on address 207.x.x.x comming from 82.34.162.112 will be accepted and fowarded.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11928018
for the second way, you do not need to assigne a public Ip address. check this solution.

http://www.experts-exchange.com/Security/Firewalls/Q_20985574.html
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11928022
the only difference for the last solution, is that you would have to tell it that it only accept the connection from 82.34.162.112 like this.

access-list outside_access_in permit tcp host 82.34.162.112 any interface eq 443
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 11928027
Hmm, you may have to remove the any for the last message btw.. not sure.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPR - Cannot telnet 15 90
iPhone6S Virus/Malware Protection - Evaluating Brands 7 60
Is my Machine open to hackers 3 123
Watchguard XTM 2 100
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question