Solved

Cisco router port forwarding rdp

Posted on 2014-02-19
Last Modified: 2014-04-27
Hello experts,
I'm trying to forward RDP to a specific computer inside my LAN. I am missing something. I can ping my WAN IP from the outside fine.

-----------------------------------------------------------------------------

router#show run
Building configuration...

Current configuration : xxxxx bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxx
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.100 192.168.1.130
!
ip dhcp pool mypool
   network 192.168.1.0 255.255.255.0
   domain-name mycompany.com
   default-router 192.168.1.1 
   dns-server 192.168.1.1 
!
!
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
multilink bundle-name authenticated
!
!
!
!
!
archive   
 log config
  hidekeys
! 
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN INTERFACE
 ip address (WAN IP) 255.255.xx.xx
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description internal_lan
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (ISP IP)
!
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 3389 (WAN IP) 3389 extendable
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 password 7 xxxxxxxxx
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

router#

Question by:lurezero
11 Comments
 
LVL 13

Expert Comment

by:ktaczala
ID: 39872446
I think you need this
access-list Outside_to_Inside extended permit tcp any host <External Public IP> eq 3389
static (inside,outside) <External Public IP> <Inside private IP> netmask 255.255.255.255
0
 

Author Comment

by:lurezero
ID: 39872470
Should I remove my static statement?
Your access-list needs to be applied to my WAN interface "in", correct?
0
 

Author Comment

by:lurezero
ID: 39872505
I tried this; it didn't work. This is a Cisco 2800 series router, not a PIX/ASA...
0

 
LVL 13

Expert Comment

by:ktaczala
ID: 39873209
access-list 101 permit tcp any host 192.168.1.3 eq 3389
0
 

Author Comment

by:lurezero
ID: 39875494
not working...
0
 

Author Comment

by:lurezero
ID: 39925412
moderators?
0
 
LVL 1

Expert Comment

by:netdsg
ID: 39948015
This document may be useful:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13778-9.html

Can you post the output of the 'show ip nat translations' command?

Since there is no access-list applied to your outside interface this is not an access-list problem.
0
 

Accepted Solution

by:
lurezero earned 0 total points
ID: 39973807
This is a port forwarding question, not a NAT question.
0
 
LVL 1

Assisted Solution

by:beeko0907
beeko0907 earned 300 total points
ID: 40015730
Hello lurezero,

Try changing your static NAT entry to use the interface instead of the IP address, and also check to see if your Windows machine's firewall isn't blocking the incoming RDP session.


ip nat inside source static tcp 192.168.1.3 3389 interface FastEthernet0/0 3389
0
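As an added example (not code from any poster in this thread): a small Python audit that reads a running-config like the one in the question, lists each static port forward in either form discussed above (global IP or "interface"), and reports outside interfaces with no inbound access-group, the condition netdsg points out. The sample config is constructed, and 203.0.113.10 is a placeholder for the redacted WAN IP.

```python
import re

# Constructed sample: the NAT-relevant lines of the running-config posted in the
# question; 203.0.113.10 is a placeholder standing in for "(WAN IP)".
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 203.0.113.10 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 3389 203.0.113.10 3389 extendable
"""

# Matches both forms seen in the thread: a literal global IP or "interface <name>".
STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                       r"(?:interface (\S+)|(\S+)) (\d+)")

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
    return interfaces

def audit_port_forwards(config):
    """Return one finding per static port forward in the config."""
    outside = {n: c for n, c in parse_interfaces(config).items() if "ip nat outside" in c}
    # An outside interface with no inbound access-group admits the forward from any source.
    unfiltered = sorted(n for n, c in outside.items()
                        if not any(re.match(r"ip access-group \S+ in$", x) for x in c))
    findings = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, host, lport, iface, addr, gport = m.groups()
            findings.append({"proto": proto, "inside": f"{host}:{lport}",
                             "global": f"{iface or addr}:{gport}",
                             "unfiltered_outside": unfiltered})
    return findings

if __name__ == "__main__":
    print(audit_port_forwards(SAMPLE_CONFIG))
```
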
 

Author Closing Comment

by:lurezero
ID: 40025539
Solved on my own.
0
