
Multiple RDP connections through Cisco Router

Hi Everyone,

I am having trouble getting a Cisco config to work. I am nowhere near a Cisco junkie and I can only do the basic configs with huge amounts of ? help responses. I inherited a site from a previous "bad Tech" who was very, very inconsistent with configurations. Anyway, their net went down so I powered off the router and powered it back on; since then they have not been able to get their remote connections from their home anymore. That, and the DHCP was turned off and caused numerous amounts of issues. I have found the IPs of the machines I want to get access to and added the IP NATs into the config as per:

interface Dialer0
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 keepalive 10 3
 ppp authentication chap pap callin
 ppp chap hostname mfd_kwn_01@internode.on.net
 ppp chap password 7 1301411A011D0A38313D
 ppp pap sent-username mfd_kwn_01@internode.on.net password 7 110D4F0D1D03051E1E33
 crypto map myvpn
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 192.168.5.2
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list PRIV-NAT-ACL interface Dialer0 overload
ip nat inside source static tcp 192.168.1.11 3389 interface Dialer0 3388
ip nat inside source static tcp 192.168.1.1 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.1.1 47 interface Dialer0 47
ip nat inside source static tcp 192.168.1.1 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.1 43000 interface Dialer0 43000
ip nat inside source static udp 192.168.1.1 43000 interface Dialer0 43000
ip nat inside source static tcp 192.168.1.58 3389 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.1 3389 interface Dialer0 3389
ip nat inside source static udp 192.168.1.1 53 interface Dialer0 53
ip nat inside source static tcp 192.168.1.1 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.1 53 interface Dialer0 53
ip nat inside source static tcp 192.168.1.1 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.1 110 interface Dialer0 110
ip nat inside source static tcp 192.168.1.1 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.2 3389 interface Dialer0 3390

ip nat inside source static tcp 192.168.1.169 3389 interface Dialer0 3392
ip nat inside source static tcp 192.168.1.168 3389 interface Dialer0 3393
!
ip access-list extended PRIV-NAT-ACL
 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
access-list 101 permit gre host 150.101.178.59 host 150.101.189.237
!
!
!
!

None of this now works. The two new IP NATs I have put in are the ones that are spaced away from the others. I can get base 3389 port through to the server but the 3392, 3393 ports are not working. Can someone help me? If I need to repost the full config please let me know. Also, can someone let me know how to delete the old entries? As the IPs are not the same, I want to remove them for future reference.
Asked by: H0ff3R

Steve (Network Manager) commented:
Firstly.. to remove config lines you'd type the word 'no' in front, e.g.:

#no ip nat inside source static tcp 192.168.1.169 3389 interface Dialer0 3392

and that will delete that line only..

the two extra NATs you've entered are correct, and should work fine.. it doesn't look like you've got any other access lists off Dialer0, but you 'may' have some on your Ethernet ports.. if you do, post them up so we can make sure they're not blocking the RDP ports.. also make sure you're entering the port #'s correctly in the RDP client..

also.. for future reference, you have posted type 7 cisco passwords.. you might want to get these changed now, as these are 'easily' decryptable, and anyone with an internode DSL account will now be able to use them..

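A pre-posting check for the point in the answer above about type 7 strings, as an added example that is not part of the original thread: it strips type 7 strings from a config before it is shared and lists which static NAT entries publish RDP. The sample config, its placeholder strings and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the kind of config posted above; the
# hostname and type 7 strings are placeholders, not real credentials.
SAMPLE_CONFIG = """\
interface Dialer0
 ip nat outside
 ppp chap hostname user@example.net
 ppp chap password 7 00PLACEHOLDER00
 ppp pap sent-username user@example.net password 7 00PLACEHOLDER00
!
ip nat inside source list PRIV-NAT-ACL interface Dialer0 overload
ip nat inside source static tcp 192.168.1.1 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.1.169 3389 interface Dialer0 3392
ip nat inside source static tcp 192.168.1.1 80 interface Dialer0 80
"""

TYPE7_RE = re.compile(r"\b(password|secret|key)\s+7\s+(\S+)", re.I)
NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def redact_type7(config):
    """Return (redacted_text, count) with every type 7 string replaced."""
    return TYPE7_RE.subn(r"\1 7 <removed>", config)

def static_forwards(config):
    """Parse 'ip nat inside source static' port forwards into dicts."""
    out = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            proto, ip, in_port, iface, out_port = m.groups()
            out.append({"proto": proto, "inside": ip, "inside_port": int(in_port),
                        "interface": iface, "outside_port": int(out_port)})
    return out

def exposed_rdp(forwards):
    """Forwards that publish RDP (TCP 3389 inside), whatever the outside port."""
    return [f for f in forwards
            if f["proto"] == "tcp" and f["inside_port"] == 3389]

if __name__ == "__main__":
    redacted, n = redact_type7(SAMPLE_CONFIG)
    print(f"{n} type 7 string(s) removed")
    for f in exposed_rdp(static_forwards(SAMPLE_CONFIG)):
        print(f"RDP on {f['inside']} published on {f['interface']} "
              f"port {f['outside_port']}")
```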
 
H0ff3R (Author) commented:
Ahhhhh, crap, didn't even realise this. What string would I use to update the password if I need to?

I am currently at home and don't have access to the code but will post it tomorrow withOUT the passwords again :)
 
Steve (Network Manager) commented:
you'll have to get your ISP to change those passwords for you, then you do the same thing.. you enter the 'no' command in front of the line, then re-enter the line with the new password..

 
H0ff3R (Author) commented:
Hi PsychoFelix,

I have access to the rest of the code. This is the remainder of the interfaces that I believe you wanted to check.

interface Tunnel0
 ip address 192.168.5.1 255.255.255.0
 tunnel source Dialer0
 tunnel destination 150.101.189.237
!
interface FastEthernet0/0
 description $ETH-LAN$$ES_WAN$
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
 no snmp trap link-status
 pvc 8/35
  pppoe-client dial-pool-number 1
 !

I have also changed the ISP password and updated it within the config. Thanks for showing me how to delete :)
 
Steve (Network Manager) commented:
yeah.. you've got no other access lists applied so those NATs you've done should be fine..
 
Steve (Network Manager) commented:
just make sure on your RDP Client that you put '<IP Address to connect to>:3390'

 
Steve (Network Manager) commented:
if you are still having trouble.. check this troubleshooting doc..

http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html

 
H0ff3R (Author) commented:
PsychoFelix,

I have done that, still doesn't go through. It's a Windows Vista network with a 2008 SBS server. I just can't seem to see what will stop it from going through, 'cause I can RDP internally to those machines so it's definitely not getting blocked on a workstation end.

Any further suggestions?

Cheers

H0ff3r
 
Steve (Network Manager) commented:
Have you turned off the PC's local firewall and tried it?