Cisco router RDP configuration

Posted on 2010-08-30
Last Modified: 2012-05-11
Hi EEs,

We have a Cisco router and want to be able to configure to access our server externally. We want to be able to RDP to the server anywhere we want externally.

How do we go about enabling/configuring RDP in the cisco router to achieve this? And what steps are required to have it working.....?

Thanks,
Goraek
Question by:goraek
21 Comments
 
LVL 24

Expert Comment

by:DMTechGrooup
ID: 33564382
You need port 3389 opened as you have stated in your tag.  But this wouldn't be a router issue but a firewall issue.  What firewall device are you using?
0
 
LVL 20

Accepted Solution

by:
woolnoir earned 501 total points
ID: 33564393
ip nat inside source static tcp internal_address 3389 external_address 3389 extendable

That will translate any traffic coming to the external interface on port 3389 to the internal IP port 3389.

Apologies for any slight typos... it's early here :)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33564406
As DMTechGrooup has mentioned, this depends on your network configuration as to what device is responsible. Also, this assumes that NAT has already been set up on the router, as in internal and external interfaces defined.
0
 
LVL 2

Author Comment

by:goraek
ID: 33564630
we have a cisco router 1812, unsure if we have a firewall or not....
will need to review the infrastructure setup....
0
 
LVL 2

Assisted Solution

by:nblancpain
nblancpain earned 501 total points
ID: 33566538
To check if 1812 is configured as a firewall, check for 'ip inspect' commands in the config.
To test RDP, you may 'telnet 3389' to check if the port is reachable.
0
 
LVL 58

Expert Comment

by:Pete Long
ID: 33566945
3389 is a well-known port; I'd get the server to listen on a different port and forward that instead :)
http://www.petenetlive.com/KB/Article/0000166.htm
0
 
LVL 2

Author Comment

by:goraek
ID: 33572935
Port 3389 is not opened.

I can ping the IP externally, however not able to listen to 3389.

What command line should I perform in the cisco router?
0
 
LVL 2

Expert Comment

by:nblancpain
ID: 33574258
You need to add it to the access-list or to the inspect-list.
Can you post your config ?
It should look something like:
access-list 100 permit tcp any 10.x.x.x eq 3389
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33574445
Did you add my ip nat stuff that i posted above ?

ip nat inside source static tcp internal_address 3389 external_address 3389  ?

An access list like nblancpain mentioned is needed, but you need the NAT definitions. I can see where you have confirmed adding them or not?
0
 
LVL 2

Author Comment

by:goraek
ID: 33583732
hi woolnoir,

is that the exact command?

ip nat inside source static tcp 192.168.32.23 3389 201.143.23.34 3389

Can you please verify?
0
 
LVL 2

Author Comment

by:goraek
ID: 33583740
How do I add the access list? Do I add it after I have done the ip nat command?
0
 
LVL 2

Expert Comment

by:nblancpain
ID: 33584542
Is there already an access-list ? it should be added to the one in place if applicable.
If not, this is not needed.

can you pls post a "show run interface xxx" where xxx is your external interface
same for external interface
+"show ip access-list"

for me to help on this part

Also pls post a "show ip nat translation" would help to verify if your nat rule was correctly applied.
0
 
LVL 4

Assisted Solution

by:ullas_unni
ullas_unni earned 498 total points
ID: 33596950
Hi,

ip nat inside source static tcp 192.168.32.23 3389 201.143.23.34 3389

is all you need unless you have firewall configuration on your Router (CBAC or ZBF)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33597765
Hiya - confirmed, ip nat inside source static tcp 192.168.32.23 3389 201.143.23.34 3389. That does assume you have no access control lists. Try that, confirm the addition, and see if it helps.
0
 
LVL 2

Author Comment

by:goraek
ID: 33623137
sorry guys, not really sure what ya mean...

i log in to the cisco router then enter en to enable then type

ip nat inside source static tcp 192.168.32.23 3389 201.143.23.34 3389

is that right?

also should i check the settings such as the access list and interface first?

can someone please provide a step by step?
0
 
LVL 4

Expert Comment

by:ullas_unni
ID: 33623836
goraek,

attach the show run output of your device.. it would really help troubleshoot the issue faster.
0
 
LVL 2

Author Comment

by:goraek
ID: 33671773
ok, i will try to get the output result for you..

so i enter 'sh run' or 'show run' and it will give me the info?
0
 
LVL 4

Expert Comment

by:ullas_unni
ID: 33671844
both should give the same output
0
 
LVL 2

Author Comment

by:goraek
ID: 33678371
How do I output the result into text format?

For example I want to do sh run > c:\config.txt

It doesn't seem to like it; what's the command to output in Cisco?
0
 
LVL 2

Author Comment

by:goraek
ID: 33819685
Does anyone know a way to output the Cisco command to a txt file?
0
 
LVL 2

Author Closing Comment

by:goraek
ID: 33856136
Worked.
0
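
The checks the experts ask for across this thread (NAT inside/outside interfaces defined, the static translation for 3389, and what the access list allows) can be run over a saved "show run" output. The script below is an added example, not code from the thread or from Cisco; the sample config is constructed, its interface names and ACL number are assumptions, and it only understands numbered ACLs bound with ip access-group.

```python
import re

# Constructed running-config excerpt (not from the thread). Addresses reuse those
# quoted in the posts; interface names and ACL number 100 are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip access-group 100 in
 ip nat outside
interface Vlan1
 ip nat inside
ip nat inside source static tcp 192.168.32.23 3389 201.143.23.34 3389 extendable
access-list 100 permit tcp any host 201.143.23.34 eq 3389
"""

STATIC_PAT = re.compile(
    r"^ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)", re.M)

def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return interfaces

def audit_rdp_forward(config, port=3389):
    """List findings for static TCP forwards of `port` (numbered ACLs only)."""
    findings = []
    ifaces = parse_interfaces(config)
    outside = [n for n, c in ifaces.items() if "ip nat outside" in c]
    if not outside or not any("ip nat inside" in c for c in ifaces.values()):
        findings.append("NAT inside/outside interfaces not both defined")
    for local_ip, lport, global_ip, gport in STATIC_PAT.findall(config):
        if int(lport) != port:
            continue
        findings.append(f"forward {global_ip}:{gport} -> {local_ip}:{lport}")
        for name in outside:
            acl = next((c.split()[2] for c in ifaces[name]
                        if c.startswith("ip access-group") and c.endswith(" in")), None)
            if acl is None:
                findings.append(f"{name}: no inbound ACL on outside interface")
            elif re.search(rf"^access-list {acl} permit tcp any .*eq {gport}\b", config, re.M):
                findings.append(f"{name}: ACL {acl} permits {gport} from any source")
    return findings
```

Calling audit_rdp_forward(SAMPLE_CONFIG) reports the forward and flags that ACL 100 permits 3389 from any source; replacing "any" in that ACL line with a specific "host" source clears the second finding.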


Question has a verified solution.
