Solved

Allowing RDP through Cisco router

Posted on 2008-10-28
7
231 Views
Last Modified: 2011-10-19
ok, simply put we have a vendor that needs to have access to internal server, i created a NAT rule to allow 3389 traffic to go to that server, but it lets everyone to it, i want to restrict access to that server based on thier public ip..attached is the config..thanks
cobrun.txt
0
Comment
Question by:jasonmichel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22821272
You can apply an access-list to the WAN interface that only allows RDP from your vendor (x.x.x.x).

conf t
ip access-list extended internet-in
permit tcp host x.x.x.x host 70.62.43.150 eq 3389  <--where x.x.x.x is the public IP of your vendor
deny tcp any host 70.62.43.150 eq 3389
permit ip any any

int g0/0
ip access-group internet-in in
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 22821397
i am going to get ahold of vendor to test...but i think that will work..thanks, just another quick question...if i wanted to add another host to be allowed to get to that server how do i add a sequence to the NACL?  

thanks
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22821431
If you do a "show access-list internet-in", you will see line numbers next to the access-list.

For example:

10 permit tcp host x.x.x.x host 70.62.43.150 eq 3389
20 deny tcp any host 70.62.43.150 eq 3389
30 permit ip any any

Simply add the new entry with a line number to insert the permit before the deny.

conf t
ip access-list ext internet-in
12 permit tcp host y.y.y.y host 70.62.43.150 eq 3389    <--where y.y.y.y is the new vendor IP

Your new access would look like this:

10 permit tcp host x.x.x.x host 70.62.43.150 eq 3389
12 permit tcp host y.y.y.y host 70.62.43.150 eq 3389
20 deny tcp any host 70.62.43.150 eq 3389
30 permit ip any any
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 1

Author Comment

by:jasonmichel
ID: 22821464
i def want the sequence number to be lower  than the deny sequence number correct?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22821483
Yes, the permit needs to be before the deny so you can choose any number between 10 and 20 (11-19).
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 22821638
added my home ip to it and tested..it worked..thanks for the simple yet great instructions
0
 
LVL 1

Author Closing Comment

by:jasonmichel
ID: 31510710
thanks for the help, you made it very simple to understand and it did exactly what i needed it to
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ms azure 2 44
IPv6 and IPv4 Subnetting scheme 4 77
how to get delisted from spamhaus DBL 3 81
TLS 1.0 & Windows 7 - How to disable? 16 120
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question