Solved

access list

Posted on 2006-11-15
Last Modified: 2013-11-21
Hi,
I am asking to open port 3389 on my PIX 525 to enable a Remote Desktop connection from outside my network, and I got these two answers:

static (inside,outside) 62.68.65.43 172.16.110.2
access-list inbound permit tcp any host 62.68.65.43 eq 3389
access-list inbound permit udp any host 62.68.65.43 eq 3389
access-group inbound in interface outside

static (inside,outside) 62.68.65.43 172.16.110.2
access-list outbound permit tcp host 62.68.65.43 any eq 3389
access-list outbound permit udp host 62.68.65.43 any eq 3389
access-group outbound out interface outside

Which command can I use, and what is the difference between them?

Thanks
Question by:nasemabdullaa
2 Comments
 
LVL 10

Accepted Solution

by:
Sorenson earned 1000 total points
ID: 17947846
The first:
static (inside,outside) 62.68.65.43 172.16.110.2 netmask 255.255.255.255
access-list inbound permit tcp any host 62.68.65.43 eq 3389
access-list inbound permit udp any host 62.68.65.43 eq 3389
access-group inbound in interface outside

allows any host on the outside to RDP (Remote Desktop) to the outside address 62.68.65.43, and it will be translated to the inside host 172.16.110.2.

The second:
static (inside,outside) 62.68.65.43 172.16.110.2
access-list outbound permit tcp host 62.68.65.43 any eq 3389
access-list outbound permit udp host 62.68.65.43 any eq 3389
access-group outbound out interface outside

is incorrect and not needed. It would be useful if you want to allow RDP out from 172.16.110.2, but even then it is incorrect. The access-list should be:
access-list outbound permit tcp host 172.16.110.2 any eq 3389
to allow 172.16.110.2 to RDP to something on the Internet.

The return traffic for outside attempts to reach RDP on the inside server is handled statefully and therefore does not need an outbound ACL to allow it.


RDP does not require UDP 3389, only TCP 3389, so the UDP line can be removed from the config.


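The following is an added example (not part of the accepted answer or the original thread) that tightens the first configuration above: it keeps only TCP 3389, limits the permitted source to a known remote network rather than "any", and shows how to verify the result. It assumes PIX 6.x syntax and uses 203.0.113.0/24 as a placeholder for the administrator's remote network.

```cisco
! Added example, not the original poster's or answerer's config.
! In a static, the mapped (outside) address comes first, then the real (inside) one.
static (inside,outside) 62.68.65.43 172.16.110.2 netmask 255.255.255.255

! Permit RDP only from the known remote network (placeholder 203.0.113.0/24),
! and only over TCP; RDP does not use UDP 3389. PIX access-lists take a
! subnet mask, not a wildcard mask.
access-list inbound permit tcp 203.0.113.0 255.255.255.0 host 62.68.65.43 eq 3389

! Anything else arriving on the outside interface falls to the implicit deny
! at the end of the list. Apply the list inbound on the outside interface.
access-group inbound in interface outside

! Static changes take effect for existing translations only after clearing them.
clear xlate

! Verification: per-line hit counts on the ACL, and the translation entry
! for 172.16.110.2 <-> 62.68.65.43.
show access-list inbound
show xlate
```

Replace the 203.0.113.0/24 placeholder with the actual source network; if the source cannot be pinned down, the "any" form from the accepted answer exposes RDP to the whole Internet and should be treated accordingly.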

Author Comment

by:nasemabdullaa
ID: 17947907
Hi,
thanks.