Solved

Allowing RDP through Cisco router

Posted on 2008-10-28
7
230 Views
Last Modified: 2011-10-19
ok, simply put we have a vendor that needs to have access to internal server, i created a NAT rule to allow 3389 traffic to go to that server, but it lets everyone to it, i want to restrict access to that server based on thier public ip..attached is the config..thanks
cobrun.txt
0
Comment
Question by:jasonmichel
  • 4
  • 3
7 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22821272
You can apply an access-list to the WAN interface that only allows RDP from your vendor (x.x.x.x).

conf t
ip access-list extended internet-in
permit tcp host x.x.x.x host 70.62.43.150 eq 3389  <--where x.x.x.x is the public IP of your vendor
deny tcp any host 70.62.43.150 eq 3389
permit ip any any

int g0/0
ip access-group internet-in in
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 22821397
i am going to get ahold of vendor to test...but i think that will work..thanks, just another quick question...if i wanted to add another host to be allowed to get to that server how do i add a sequence to the NACL?  

thanks
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22821431
If you do a "show access-list internet-in", you will see line numbers next to the access-list.

For example:

10 permit tcp host x.x.x.x host 70.62.43.150 eq 3389
20 deny tcp any host 70.62.43.150 eq 3389
30 permit ip any any

Simply add the new entry with a line number to insert the permit before the deny.

conf t
ip access-list ext internet-in
12 permit tcp host y.y.y.y host 70.62.43.150 eq 3389    <--where y.y.y.y is the new vendor IP

Your new access would look like this:

10 permit tcp host x.x.x.x host 70.62.43.150 eq 3389
12 permit tcp host y.y.y.y host 70.62.43.150 eq 3389
20 deny tcp any host 70.62.43.150 eq 3389
30 permit ip any any
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:jasonmichel
ID: 22821464
i def want the sequence number to be lower  than the deny sequence number correct?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22821483
Yes, the permit needs to be before the deny so you can choose any number between 10 and 20 (11-19).
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 22821638
added my home ip to it and tested..it worked..thanks for the simple yet great instructions
0
 
LVL 1

Author Closing Comment

by:jasonmichel
ID: 31510710
thanks for the help, you made it very simple to understand and it did exactly what i needed it to
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question