[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

access list

Posted on 2006-11-15
2
Medium Priority
?
272 Views
Last Modified: 2013-11-21
hi
iam asking to open port 3389 in my pix 525 to enable remote desktop connection from outside of my network and i get these two answer

static (inside,outside) 172.16.110.2  62.68.65.43
access-list inbound permit tcp any host 62.68.65.43 eq 3389
access-list inbound permit udp any host 62.68.65.43 eq 3389
access-group inbound in interface outside

static (inside,outside) 172.16.110.2 62.68.65.43
access-list outbound permit tcp host 62.68.65.43 any eq 3389
access-list outbound permit udp host 62.68.65.43 any eq 3389
access-group outbound out interface outside

what command i can use
and waht is the diffrent betwen them

thanks
0
Comment
Question by:nasemabdullaa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 10

Accepted Solution

by:
Sorenson earned 1000 total points
ID: 17947846
The first:
static (inside,outside) 172.16.110.2  62.68.65.43   netmask 255.255.255.255
access-list inbound permit tcp any host 62.68.65.43 eq 3389
access-list inbound permit udp any host 62.68.65.43 eq 3389
access-group inbound in interface outside

allows any host on the outside to RDP (remote desktop) to the outside address of 62.68.65.43 and it will translate to the inside host of 172.16.110.2

The second:
static (inside,outside) 172.16.110.2 62.68.65.43
access-list outbound permit tcp host 62.68.65.43 any eq 3389
access-list outbound permit udp host 62.68.65.43 any eq 3389
access-group outbound out interface outside

is incorrect and not needed.  It would be useful if you want to allow rdp out from 172.16.110.2, but even then it is incorrect.  The access-list should be:
access-list outboune permit tcp host 172.16.110.2 any eq 3389 to allow 172.16.110.2 to RDP to something on the internet.

The return traffic from the outside attempts to reach rdp on the inside server are stateful and therefore do not need an outbound acl to allow them.


RDP does not require UDP 3389 only TCP 3389 so the UDP line can be removed from the config.


0
 

Author Comment

by:nasemabdullaa
ID: 17947907
hi
thanks
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question