Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252
  • Last Modified:

configuring pix to allow terminal server from outside

I have a new Pix 506e I have set up at a customer with 1 IP address how do I set it up so we can connect to the terminal server from the outside?  the Ip of the server is 192.168.1.200.

I have done this on a  pix with multiple IP addresses, but not on one with just one IP  please help!
0
mturnow
Asked:
mturnow
  • 4
  • 2
1 Solution
 
batry_boyCommented:
Since you have only the one public IP address, which is presumably used on the outside PIX interface, here's how to do it:

static (inside,outside) tcp interface 3389 192.168.1.200 3389 netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq 3389
access-group outside_access_in in interface outside

This allows any Internet host to RDP into that machine, so I would specify individual source IP addresses for that access list for security reasons if you know what they are.
0
 
mturnowAuthor Commented:
what do you mean by:

so I would specify individual source IP addresses for that access list for security reasons if you know what they are
0
 
batry_boyCommented:
Well, if the people that you want to be able to access the server via a remote desktop connection have a known public static IP address, then you would find out what that is and then structure your access list using only the static IP address for those users.  For example, if you had an external user that had 1.1.1.1 as a static public IP address, then you would use the following access list statement to only allow that source IP address (1.1.1.1) to access that server via remote desktop:

access-list outside_access_in permit tcp host 1.1.1.1 interface outside eq 3389

You would then put in one of those statements like above for every user that had a static public address.  This may not be feasible for your situation since the users you want to have access the server may not have static public IP addresses.  Make sense?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
mturnowAuthor Commented:
Yep makes sense.  I will give this a try Monday morning.  
0
 
mturnowAuthor Commented:
did not work, gave me an error
0
 
mturnowAuthor Commented:
nevermind i retried and it worked beautifully
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now