Solved

RDP through NAT on Cisco router and Linksys WRT54G

Posted on 2008-10-13
Last Modified: 2012-05-05
Hey everyone,

I have a Cisco 2621 router that goes to a Linksys WRT54G and then to a Cisco 2950 switch. I've been looking around and I know you have to put the ip nat inside source static tcp xxxx.xxxx.xxxx.xxxx interface whatever, and then put in the access-list. Did that and it's still not working. I know I'm missing something. Here's my config. Thanks in advance.

!
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp conflict logging
!        
ip dhcp pool client
   network 192.168.255.0 255.255.255.0
   default-router 192.168.255.1
   dns-server 192.168.1.41 4.2.2.2 4.2.2.3
   domain-name henry.local
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN
 ip address dhcp
 no ip unreachables
 ip nat outside
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 no ip address
 no ip mroute-cache
 shutdown
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.255.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
!
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.10 3389 interface FastEthernet0/0 3389
no ip http server
ip classless
ip default-network 192.168.255.0
!
!
access-list 10 permit 192.168.255.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 120 permit tcp any any eq 3389
access-list 120 permit tcp any any eq www
access-list 120 permit tcp any any eq ftp
access-list 120 permit tcp any any eq 443
access-list 120 permit tcp any any eq 22
access-list 120 permit tcp any any eq smtp
!
line con 0
line aux 0
line vty 0 4
 password
 login    
!
!
end

Question by:hstern03
9 Comments
 
LVL 16

Expert Comment

by:btassure
ID: 22700586
You haven't applied an ACL for the inbound traffic. You need to apply the ACL to your outside interface. That isn't what's causing the problem though.
Does it work if you plug a PC in next to the 2621 and RDP straight through the Linksys?
IE:
PC     -|_____WRT54G---Switch
2621 -|
Can you telnet through the router on port 3389?
0
 

Author Comment

by:hstern03
ID: 22701957
Excuse my ignorance, I'm pretty new to Cisco routers; I got it a couple of days ago. What is the ACL for inbound traffic? I thought that's what the ip nat inside source was.

I'm not at home right now so I can't test what you wanted me to. I will tell you I can RDP when it's just the Linksys.

What do you mean, telnet through the router on port 3389?
0
 

Author Comment

by:hstern03
ID: 22705748
I guess I'm not getting it. Do I forward to my Linksys (that has port forwarding enabled also) that comes right after the Cisco router, or directly to the server I want to have RDP?

What is the ACL I need for incoming requests?
0
 
LVL 16

Accepted Solution

by:
btassure earned 125 total points
ID: 22705945
You have already created the ACL for the inbound traffic (120) you just haven't applied it to an interface.
You need both a NAT statement for each service and a firewall (ACL) rule to allow it in.

By telnet through I mean go to a command line on a machine that is either on the internet and also one that is side-by-side with the cisco router and enter:
telnet x.x.x.x 3389
replace x with the requisite IP address.

From the Cisco you need to NAT to the outside IP of the Linksys. I'm not sure why you are doubling up the routers but I will assume there is a good reason...
0

Author Comment

by:hstern03
ID: 22706429
Alright, yeah, I don't really have a good reason for having the Linksys WRT54G right after the Cisco. I'm going to remove the Linksys and plug it into my switch and use it as an access point and then see if it works. Both are on NAT and I just was informed that was a bad idea.

So I do... ip nat inside source static tcp (myserver) 3389 interface fastethernet0/0 3389

Then do... access-list permit 120 tcp (my server) interface fastethernet0/0 eq 3389

Is this correct? Or do I do 0/1 on the second one?
0
 

Author Comment

by:hstern03
ID: 22707869
Hey, thanks for the help. I got the RDP working without the Linksys.

What is the ACL for port redirection with a remote desktop? Like say I wanted to do <my host>:3389

How would I go about that?
0
 

Author Comment

by:hstern03
ID: 22707877
Oops, sorry, I meant <my host>:3390
0
 

Author Closing Comment

by:hstern03
ID: 31407082
Thanks for the help, I appreciate it.
0
 
LVL 16

Expert Comment

by:btassure
ID: 22713639
You have already created the ACL. You need to apply it to the correct interface:
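conf t
! WAN-facing interface (ip nat outside)
int fa0/0
! bind ACL 120 to traffic arriving on this interface
 ip access-group 120 in
end
! save the running config
write mem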

0
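Added example (not part of the thread or any participant's post): a small Python model of ACL evaluation with the implicit deny, run against ACL 120 as posted and against a hypothetical tightened variant, to show what binding the list inbound on FastEthernet0/0 lets in and what it drops. The packets, the 203.0.113.25 admin address and the tightened entries are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

def permit(proto, src="0.0.0.0/0", sport=None, dport=None, established=False):
    """One 'permit' entry of an extended ACL (destination is 'any' throughout)."""
    return dict(proto=proto, src=ip_network(src), sport=sport,
                dport=dport, established=established)

def matches(entry, pkt):
    return (entry["proto"] == pkt["proto"]
            and ip_address(pkt["src"]) in entry["src"]
            and entry["sport"] in (None, pkt["sport"])
            and entry["dport"] in (None, pkt["dport"])
            # 'established' matches TCP segments with ACK or RST set
            and (not entry["established"] or pkt.get("ack_or_rst", False)))

def evaluate(acl, pkt):
    """Every entry here is a permit, so any match permits; no match = implicit deny."""
    return "permit" if any(matches(e, pkt) for e in acl) else "deny"

# ACL 120 as posted in the question: destination-port permits only.
ACL_120 = [permit("tcp", dport=p) for p in (3389, 80, 21, 443, 22, 25)]

# Hypothetical tightened variant (assumption, not from the thread):
# return traffic, DNS replies from the pool's public resolvers, RDP from one host.
ACL_TIGHT = [
    permit("tcp", established=True),
    permit("udp", src="4.2.2.2/31", sport=53),       # 4.2.2.2 and 4.2.2.3
    permit("tcp", src="203.0.113.25/32", dport=3389),
]

# Constructed packets arriving on the outside interface (documentation addresses).
PACKETS = {
    "rdp_from_admin":    dict(proto="tcp", src="203.0.113.25", sport=50123, dport=3389),
    "rdp_from_stranger": dict(proto="tcp", src="198.51.100.7", sport=40000, dport=3389),
    "web_reply":         dict(proto="tcp", src="192.0.2.80", sport=443, dport=51000,
                              ack_or_rst=True),
    "dns_reply":         dict(proto="udp", src="4.2.2.2", sport=53, dport=53211),
    # The inbound ACL sees the pre-NAT port, so 3390 needs its own entry.
    "rdp_on_3390":       dict(proto="tcp", src="203.0.113.25", sport=50124, dport=3390),
}

def verdicts(acl):
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("ACL 120 as posted", ACL_120), ("tightened", ACL_TIGHT)):
        print(label, verdicts(acl))
```

With ACL 120 as posted, RDP is reachable from any source while replies to the LAN's own outbound web and DNS traffic fall through to the implicit deny; the variant reverses both.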
