Solved

Allowing RDP through Cisco router

Posted on 2008-10-28
7
227 Views
Last Modified: 2011-10-19
ok, simply put we have a vendor that needs to have access to internal server, i created a NAT rule to allow 3389 traffic to go to that server, but it lets everyone to it, i want to restrict access to that server based on thier public ip..attached is the config..thanks
cobrun.txt
0
Comment
Question by:jasonmichel
  • 4
  • 3
7 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
Comment Utility
You can apply an access-list to the WAN interface that only allows RDP from your vendor (x.x.x.x).

conf t
ip access-list extended internet-in
permit tcp host x.x.x.x host 70.62.43.150 eq 3389  <--where x.x.x.x is the public IP of your vendor
deny tcp any host 70.62.43.150 eq 3389
permit ip any any

int g0/0
ip access-group internet-in in
0
 
LVL 1

Author Comment

by:jasonmichel
Comment Utility
i am going to get ahold of vendor to test...but i think that will work..thanks, just another quick question...if i wanted to add another host to be allowed to get to that server how do i add a sequence to the NACL?  

thanks
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
If you do a "show access-list internet-in", you will see line numbers next to the access-list.

For example:

10 permit tcp host x.x.x.x host 70.62.43.150 eq 3389
20 deny tcp any host 70.62.43.150 eq 3389
30 permit ip any any

Simply add the new entry with a line number to insert the permit before the deny.

conf t
ip access-list ext internet-in
12 permit tcp host y.y.y.y host 70.62.43.150 eq 3389    <--where y.y.y.y is the new vendor IP

Your new access would look like this:

10 permit tcp host x.x.x.x host 70.62.43.150 eq 3389
12 permit tcp host y.y.y.y host 70.62.43.150 eq 3389
20 deny tcp any host 70.62.43.150 eq 3389
30 permit ip any any
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 1

Author Comment

by:jasonmichel
Comment Utility
i def want the sequence number to be lower  than the deny sequence number correct?
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
Yes, the permit needs to be before the deny so you can choose any number between 10 and 20 (11-19).
0
 
LVL 1

Author Comment

by:jasonmichel
Comment Utility
added my home ip to it and tested..it worked..thanks for the simple yet great instructions
0
 
LVL 1

Author Closing Comment

by:jasonmichel
Comment Utility
thanks for the help, you made it very simple to understand and it did exactly what i needed it to
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Simple Network: And the Default Gateway is? 5 40
SSL RA VPN 7 72
solarwind tftp server 2 30
Server Room Hardware 5 45
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now