Solved

Allowing RDP through Cisco router

Posted on 2008-10-28
Last Modified: 2011-10-19
OK, simply put, we have a vendor that needs to have access to an internal server. I created a NAT rule to allow 3389 traffic to go to that server, but it lets everyone get to it. I want to restrict access to that server based on their public IP. Attached is the config. Thanks.
cobrun.txt
Question by:jasonmichel
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22821272
You can apply an access-list to the WAN interface that only allows RDP from your vendor (x.x.x.x).

conf t
ip access-list extended internet-in
! x.x.x.x is the public IP of your vendor
permit tcp host x.x.x.x host 70.62.43.150 eq 3389
deny tcp any host 70.62.43.150 eq 3389
permit ip any any

int g0/0
ip access-group internet-in in
 
LVL 1

Author Comment

by:jasonmichel
ID: 22821397
I am going to get ahold of the vendor to test, but I think that will work. Thanks. Just another quick question: if I wanted to add another host to be allowed to get to that server, how do I add a sequence to the NACL?

Thanks
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22821431
If you do a "show access-list internet-in", you will see line numbers next to the access-list.

For example:

10 permit tcp host x.x.x.x host 70.62.43.150 eq 3389
20 deny tcp any host 70.62.43.150 eq 3389
30 permit ip any any

Simply add the new entry with a line number to insert the permit before the deny.

conf t
ip access-list ext internet-in
! y.y.y.y is the new vendor IP
12 permit tcp host y.y.y.y host 70.62.43.150 eq 3389

Your new access-list would look like this:

10 permit tcp host x.x.x.x host 70.62.43.150 eq 3389
12 permit tcp host y.y.y.y host 70.62.43.150 eq 3389
20 deny tcp any host 70.62.43.150 eq 3389
30 permit ip any any
 
LVL 1

Author Comment

by:jasonmichel
ID: 22821464
I def want the sequence number to be lower than the deny sequence number, correct?
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22821483
Yes, the permit needs to be before the deny so you can choose any number between 10 and 20 (11-19).
0
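
Added example (not part of the original posts, and not Cisco code): a small Python model of first-match access-list evaluation, run against the internet-in entries from this thread, showing why the new permit has to be numbered between 10 and 20. The three source addresses are constructed stand-ins for x.x.x.x, y.y.y.y and an unrelated Internet host; the function names are made up for this sketch.

```python
import ipaddress

SERVER = "70.62.43.150"     # RDP server's public address, from the thread
VENDOR = "203.0.113.10"     # constructed stand-in for x.x.x.x
NEW_HOST = "198.51.100.20"  # constructed stand-in for y.y.y.y
OTHER = "192.0.2.77"        # constructed unrelated Internet host

def ace(seq, action, proto, src, dst, port=None):
    """One access-list entry; src/dst are 'any' or a single host address."""
    return {"seq": seq, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def _addr_match(rule_addr, addr):
    return (rule_addr == "any"
            or ipaddress.ip_address(rule_addr) == ipaddress.ip_address(addr))

def evaluate(acl, proto, src, dst, port):
    """Return (action, seq) of the first matching entry, lowest sequence first."""
    for e in sorted(acl, key=lambda e: e["seq"]):
        if e["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(e["src"], src) and _addr_match(e["dst"], dst)):
            continue
        if e["port"] is not None and e["port"] != port:
            continue
        return e["action"], e["seq"]
    return "deny", None  # implicit deny at the end of every IOS access list

BASE = [
    ace(10, "permit", "tcp", VENDOR, SERVER, 3389),
    ace(20, "deny", "tcp", "any", SERVER, 3389),
    ace(30, "permit", "ip", "any", "any"),
]
GOOD = BASE + [ace(12, "permit", "tcp", NEW_HOST, SERVER, 3389)]
BAD = BASE + [ace(25, "permit", "tcp", NEW_HOST, SERVER, 3389)]  # after the deny

def rdp(acl, src):
    """Verdict for an inbound RDP connection from src to the server."""
    return evaluate(acl, "tcp", src, SERVER, 3389)

if __name__ == "__main__":
    for name, acl in (("new permit at 12", GOOD), ("new permit at 25", BAD)):
        for src in (VENDOR, NEW_HOST, OTHER):
            print(name, src, rdp(acl, src))
    # Non-RDP traffic to the server still matches entry 30 (permit ip any any).
    print("tcp/443 from other host:", evaluate(GOOD, "tcp", OTHER, SERVER, 443))
```

With the permit at sequence 25 the new host matches the deny at 20 first and never reaches its own entry; at 12 it is permitted while every other source is still denied on 3389.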
 
LVL 1

Author Comment

by:jasonmichel
ID: 22821638
Added my home IP to it and tested. It worked. Thanks for the simple yet great instructions.
 
LVL 1

Author Closing Comment

by:jasonmichel
ID: 31510710
Thanks for the help. You made it very simple to understand and it did exactly what I needed it to.