Solved

How do I open Remote Desktop port on Pix 501?

Posted on 2007-11-29
Last Modified: 2012-05-05
Please provide step-by-step directions... The inside IP will be 172.16.1.4 and the outside IP, let's say, 12.3.45.218.
Thank you! P.S. Just the command line, I don't have the GUI.

Question by:Cubbybulin
6 Comments
LVL 28

Expert Comment

by:batry_boy
ID: 20376520
Put in the commands below in the CLI:

static (inside,outside) 12.3.45.218 172.16.1.4 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 12.3.45.218 eq 3389
access-group outside_access_in in interface outside

The first command creates a static translation for inside IP 172.16.1.4 to be translated to 12.3.45.218 on the outside. The second command allows TCP 3389 inbound to the public (translated) IP address of the inside host at 172.16.1.4. The third command applies the access list to the outside interface in an inbound direction.

Author Comment

by:Cubbybulin
ID: 20376855
It says error (I am showing the config). How can I make the machine 172.16.1.4 able to do Remote Desktop? Thanks!

ERROR: duplicate of existing static

    from inside:172.16.1.4 to outside:12.3.45.220 netmask 255.255.255.255
Usage:  [no] static [(real_ifc, mapped_ifc)]
                {<mapped_ip>|interface}
                {<real_ip> [netmask <mask>]} | {access-list <acl_name>}
                [dns] [norandomseq] [<max_conns> [<emb_lim>]]
        [no] static [(real_ifc, mapped_ifc)] {tcp|udp}
                {<mapped_ip>|interface} <mapped_port>
                {<real_ip> <real_port> [netmask <mask>]} |
                {access-list <acl_name>}
                [dns] [norandomseq] [<max_conns> [<emb_lim>]]
pixfirewall(config)# show config
: Saved
: Written by enable_15 at 11:59:49.105 UTC Mon Jul 9 2007
PIX Version 6.3(5)
interface ethernet0 10baset
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password GWrHuOdSnP3vVpxD encrypted
passwd GWrHuOdSnP3vVpxD encrypted
hostname pixfirewall
domain-name Mydomain.org
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list aclin permit tcp any host 12.3.45.218 eq 4899
access-list aclin permit tcp any host 12.3.45.218 eq smtp
access-list aclin permit tcp any host 12.3.45.218 eq www
access-list aclin permit tcp any host 12.3.45.218 eq citrix-ica
access-list aclin permit tcp host xx.x.xx.xx host 12.3.45.218 eq ldap
access-list vpn_nat_acl permit ip 172.16.1.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip any 192.168.200.0 255.255.255.0
access-list jaremotes_splitTunnelAcl permit ip 172.16.1.0 255.255.255.0 any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 12.3.45.221 255.255.255.248
ip address inside 172.16.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool RemoteVPNPool 192.168.200.1-192.168.200.254
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list vpn_nat_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 12.3.45.218 172.16.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 12.3.45.219 172.16.1.3 netmask 255.255.255.255 0 0
static (inside,outside) 12.3.45.220 172.16.1.4 netmask 255.255.255.255 0 0
access-group aclin in interface outside
route outside 0.0.0.0 0.0.0.0 12.3.45.217 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
LVL 28

Accepted Solution

by:batry_boy (earned 500 total points)
ID: 20378810
You already have 172.16.1.4 translated to 12.3.45.220 which is why you got the error when you put in the command that I gave you.  I didn't have your PIX config to reference before now.

Now that I see your config, here is what needs to be done:

access-list aclin permit tcp any host 12.3.45.220 eq 3389

This should allow remote desktop to 172.16.1.4 from anywhere on the Internet.  I don't recommend you keep it like this, however.  I would specify only certain source IP addresses that could remote desktop into an inside host, if possible.  It may not be in your situation, but opening up RDP to the world is just asking for trouble since any simple port scanner will detect the open port.
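Added example, not code from the thread: a small Python helper that does by script what batry_boy did by eye, reading the posted statics to find the mapped IP already assigned to 172.16.1.4 (the reason the first `static` command was rejected as a duplicate), emitting the matching `access-list` line, optionally restricted to a single source host as he recommends, and listing which mapped IPs the inbound ACL exposes on 3389 to any source. PIX_CONFIG is constructed from the relevant lines of the config posted above.

```python
import re

# Constructed sample: the lines from the posted PIX 6.3 config that matter for
# the RDP question (the one-to-one statics, the inbound ACL and its binding).
PIX_CONFIG = """\
access-list aclin permit tcp any host 12.3.45.218 eq 4899
access-list aclin permit tcp any host 12.3.45.218 eq smtp
static (inside,outside) 12.3.45.218 172.16.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 12.3.45.219 172.16.1.3 netmask 255.255.255.255 0 0
static (inside,outside) 12.3.45.220 172.16.1.4 netmask 255.255.255.255 0 0
access-group aclin in interface outside
"""

STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+) netmask \S+")
ACL_RE = re.compile(r"^access-list (\S+) permit tcp (any|host \S+) host (\S+) eq (\S+)")


def parse_statics(config):
    """Map real (inside) IP -> mapped (outside) IP for each one-to-one static."""
    statics = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            mapped_ip, real_ip = m.groups()
            statics[real_ip] = mapped_ip
    return statics


def rdp_acl_line(config, real_ip, acl_name="aclin", source="any", port=3389):
    """Build the access-list line that opens `port` to `real_ip` through its
    existing static.  The PIX rejects a second static for the same real IP
    ("duplicate of existing static"), so the mapped IP is taken from the
    static already in the config rather than from the asker's guess."""
    statics = parse_statics(config)
    if real_ip not in statics:
        raise ValueError(f"no static translation for {real_ip}; add one first")
    src = "any" if source == "any" else f"host {source}"
    return f"access-list {acl_name} permit tcp {src} host {statics[real_ip]} eq {port}"


def open_to_world(config, port=3389):
    """Mapped IPs that the inbound ACL exposes on `port` to any source, i.e. the
    'asking for trouble' case batry_boy warns about."""
    hits = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(2) == "any" and m.group(4) == str(port):
            hits.append(m.group(3))
    return hits
```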

Author Comment

by:Cubbybulin
ID: 20381296
Thank you, it's working! :) Can you also give me the code for how to undo it if I need to? Thanks so much!
LVL 28

Expert Comment

by:batry_boy
ID: 20386258
To take it out, just retype that same command with the word "no" in front of it:

no access-list aclin permit tcp any host 12.3.45.220 eq 3389

Author Comment

by:Cubbybulin
ID: 20386352
Thank you!