Solved

Cisco router port forwarding rdp

Posted on 2014-02-19
11
1,471 Views
Last Modified: 2014-04-27
Hello experts,
i'm trying to forward rdp to a specific computer inside my LAN. I am missing something. I can ping my WAN IP from the outside fine.

-----------------------------------------------------------------------------

router#show run
Building configuration...

Current configuration : xxxxx bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxx
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.100 192.168.1.130
!
ip dhcp pool mypool
   network 192.168.1.0 255.255.255.0
   domain-name mycompany.com
   default-router 192.168.1.1 
   dns-server 192.168.1.1 
!
!
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
multilink bundle-name authenticated
!
!
!
!
!
archive   
 log config
  hidekeys
! 
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN INTERFACE
 ip address (WAN IP) 255.255.xx.xx
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description internal_lan
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (ISP IP)
!
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 3389 (WAN IP) 3389 extendable
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 password 7 xxxxxxxxx
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

router#

Open in new window

0
Comment
Question by:lurezero
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 12

Expert Comment

by:ktaczala
ID: 39872446
I think you need this
access-list Outside_to_Inside extended permit tcp any host <External Public IP> eq 3389
static (inside,outside) <External Public IP> <Inside private IP> netmask 255.255.255.255
0
 

Author Comment

by:lurezero
ID: 39872470
should i remove my static statement?
your access-list needs to be applied to my WAN interface "in" correct?
0
 

Author Comment

by:lurezero
ID: 39872505
i tried this didnt work. this is a cisco 2800 series router. not a PIX/ASA...
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 12

Expert Comment

by:ktaczala
ID: 39873209
access-list 101 permit tcp any host 192.168.1.3 eq 3389
0
 

Author Comment

by:lurezero
ID: 39875494
not working...
0
 

Author Comment

by:lurezero
ID: 39925412
moderators?
0
 
LVL 1

Expert Comment

by:netdsg
ID: 39948015
This document my be useful:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13778-9.html

Can you post the output of the 'show ip nat translations' command?

Since there is no access-list applied to your outside interface this is not an access-list problem.
0
 

Accepted Solution

by:
lurezero earned 0 total points
ID: 39973807
this is a port forwarding question. not a nat question.
0
 
LVL 1

Assisted Solution

by:beeko0907
beeko0907 earned 100 total points
ID: 40015730
hello lurezero,

try changing your static nat entry to use the interface instead of the ip address and also check to see if your windows machines firewall isnt blocking the incoming rdp session.


ip nat inside source static tcp 192.168.1.3 3389 interface FastEthernet0/0 3389
0
 

Author Closing Comment

by:lurezero
ID: 40025539
solved on my own
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question