H0ff3R
asked on
Multiple RDP connections through Cisco Router
Hi Everyone,
I am having trouble getting a cisco config to work. I am no were near a cisco junky and I can only do the basic configs with huge amounts of ? help reponses. I inherited a site from a previous "bad Tech" who was very very inconsistent with configurations. Anyway their net went down so I powered off the router and powered it back on, since then they have not been able to get their remote connections from their home anymore. That and the DHCP was turned off and caused numerous amounts off issues. I have found the IP's of the machines I want to get access to and added the IP nats into the config as per :
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
keepalive 10 3
ppp authentication chap pap callin
ppp chap hostname mfd_kwn_01@internode.on.ne t
ppp chap password 7 1301411A011D0A38313D
ppp pap sent-username mfd_kwn_01@internode.on.ne t password 7 110D4F0D1D03051E1E
33
crypto map myvpn
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 192.168.5.2
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list PRIV-NAT-ACL interface Dialer0 overload
ip nat inside source static tcp 192.168.1.11 3389 interface Dialer0 3388
ip nat inside source static tcp 192.168.1.1 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.1.1 47 interface Dialer0 47
ip nat inside source static tcp 192.168.1.1 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.1 43000 interface Dialer0 43000
ip nat inside source static udp 192.168.1.1 43000 interface Dialer0 43000
ip nat inside source static tcp 192.168.1.58 3389 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.1 3389 interface Dialer0 3389
ip nat inside source static udp 192.168.1.1 53 interface Dialer0 53
ip nat inside source static tcp 192.168.1.1 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.1 53 interface Dialer0 53
ip nat inside source static tcp 192.168.1.1 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.1 110 interface Dialer0 110
ip nat inside source static tcp 192.168.1.1 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.2 3389 interface Dialer0 3390
ip nat inside source static tcp 192.168.1.169 3389 interface Dialer0 3392
ip nat inside source static tcp 192.168.1.168 3389 interface Dialer0 3393
!
ip access-list extended PRIV-NAT-ACL
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
!
access-list 101 permit gre host 150.101.178.59 host 150.101.189.237
!
!
!
!
None of this now works. The two new IP nats i have put in are the ones that are spaced away from the others. I can get base 3389 port through to the server but the 3392,3393 ports are not working. Can someone help me, if i need to repost the full config please let me know. Also, can someone let me know how to delete the old entries. As the IP's are not the same, I want to remove them for future reference.
I am having trouble getting a cisco config to work. I am no were near a cisco junky and I can only do the basic configs with huge amounts of ? help reponses. I inherited a site from a previous "bad Tech" who was very very inconsistent with configurations. Anyway their net went down so I powered off the router and powered it back on, since then they have not been able to get their remote connections from their home anymore. That and the DHCP was turned off and caused numerous amounts off issues. I have found the IP's of the machines I want to get access to and added the IP nats into the config as per :
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
keepalive 10 3
ppp authentication chap pap callin
ppp chap hostname mfd_kwn_01@internode.on.ne
ppp chap password 7 1301411A011D0A38313D
ppp pap sent-username mfd_kwn_01@internode.on.ne
33
crypto map myvpn
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 192.168.5.2
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list PRIV-NAT-ACL interface Dialer0 overload
ip nat inside source static tcp 192.168.1.11 3389 interface Dialer0 3388
ip nat inside source static tcp 192.168.1.1 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.1.1 47 interface Dialer0 47
ip nat inside source static tcp 192.168.1.1 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.1 43000 interface Dialer0 43000
ip nat inside source static udp 192.168.1.1 43000 interface Dialer0 43000
ip nat inside source static tcp 192.168.1.58 3389 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.1 3389 interface Dialer0 3389
ip nat inside source static udp 192.168.1.1 53 interface Dialer0 53
ip nat inside source static tcp 192.168.1.1 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.1 53 interface Dialer0 53
ip nat inside source static tcp 192.168.1.1 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.1 110 interface Dialer0 110
ip nat inside source static tcp 192.168.1.1 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.2 3389 interface Dialer0 3390
ip nat inside source static tcp 192.168.1.169 3389 interface Dialer0 3392
ip nat inside source static tcp 192.168.1.168 3389 interface Dialer0 3393
!
ip access-list extended PRIV-NAT-ACL
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
!
access-list 101 permit gre host 150.101.178.59 host 150.101.189.237
!
!
!
!
None of this now works. The two new IP nats i have put in are the ones that are spaced away from the others. I can get base 3389 port through to the server but the 3392,3393 ports are not working. Can someone help me, if i need to repost the full config please let me know. Also, can someone let me know how to delete the old entries. As the IP's are not the same, I want to remove them for future reference.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you'll have to get your ISP to change those passwords for you, then you do the same thing.. you enter the 'no' command in front of the line, then renter the line with the new password..
ASKER
Hi PsychoFelix,
I have access to the rest of the code. This is the remainder of the interfaces that I believe you wanted to check.
interface Tunnel0
ip address 192.168.5.1 255.255.255.0
tunnel source Dialer0
tunnel destination 150.101.189.237
!
interface FastEthernet0/0
description $ETH-LAN$$ES_WAN$
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
!
I have also changed the ISP password and updated it within the config. Thanks for showing me how to delete :)
I have access to the rest of the code. This is the remainder of the interfaces that I believe you wanted to check.
interface Tunnel0
ip address 192.168.5.1 255.255.255.0
tunnel source Dialer0
tunnel destination 150.101.189.237
!
interface FastEthernet0/0
description $ETH-LAN$$ES_WAN$
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
!
I have also changed the ISP password and updated it within the config. Thanks for showing me how to delete :)
yeah.. you've got no other access lists applied so those NATs youve done should be fine..
just make sure on your RDP Client that you put '<IP Address to connect to>:3390'
if you are still having trouble.. check this troubleshooting doc..
http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html
http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html
ASKER
PsychoFelix,
I have done that, still doesnt go through. Its a Windows Vista network with a 2008 sbs server. I just cant seem to see what will stop it from going through cause I can RDP internally to those machines so its definately not getting blocked on a workstation end.
Any further suggestions.
Cheers
H0ff3r
I have done that, still doesnt go through. Its a Windows Vista network with a 2008 sbs server. I just cant seem to see what will stop it from going through cause I can RDP internally to those machines so its definately not getting blocked on a workstation end.
Any further suggestions.
Cheers
H0ff3r
Have you turned off the PC's local firewall and tried it ?
ASKER
I am currently at home and dont have access to the code but will post it tomorrow withOUT the passwords again :)