?
Solved

access list

Posted on 2006-11-15
2
Medium Priority
?
273 Views
Last Modified: 2013-11-21
hi
iam asking to open port 3389 in my pix 525 to enable remote desktop connection from outside of my network and i get these two answer

static (inside,outside) 172.16.110.2  62.68.65.43
access-list inbound permit tcp any host 62.68.65.43 eq 3389
access-list inbound permit udp any host 62.68.65.43 eq 3389
access-group inbound in interface outside

static (inside,outside) 172.16.110.2 62.68.65.43
access-list outbound permit tcp host 62.68.65.43 any eq 3389
access-list outbound permit udp host 62.68.65.43 any eq 3389
access-group outbound out interface outside

what command i can use
and waht is the diffrent betwen them

thanks
0
Comment
Question by:nasemabdullaa
2 Comments
 
LVL 10

Accepted Solution

by:
Sorenson earned 1000 total points
ID: 17947846
The first:
static (inside,outside) 172.16.110.2  62.68.65.43   netmask 255.255.255.255
access-list inbound permit tcp any host 62.68.65.43 eq 3389
access-list inbound permit udp any host 62.68.65.43 eq 3389
access-group inbound in interface outside

allows any host on the outside to RDP (remote desktop) to the outside address of 62.68.65.43 and it will translate to the inside host of 172.16.110.2

The second:
static (inside,outside) 172.16.110.2 62.68.65.43
access-list outbound permit tcp host 62.68.65.43 any eq 3389
access-list outbound permit udp host 62.68.65.43 any eq 3389
access-group outbound out interface outside

is incorrect and not needed.  It would be useful if you want to allow rdp out from 172.16.110.2, but even then it is incorrect.  The access-list should be:
access-list outboune permit tcp host 172.16.110.2 any eq 3389 to allow 172.16.110.2 to RDP to something on the internet.

The return traffic from the outside attempts to reach rdp on the inside server are stateful and therefore do not need an outbound acl to allow them.


RDP does not require UDP 3389 only TCP 3389 so the UDP line can be removed from the config.


0
 

Author Comment

by:nasemabdullaa
ID: 17947907
hi
thanks
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This program is used to assist in finding and resolving common problems with wireless connections.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question