Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cisco router port forwarding rdp

Posted on 2014-02-19
11
Medium Priority
?
1,487 Views
Last Modified: 2014-04-27
Hello experts,
i'm trying to forward rdp to a specific computer inside my LAN. I am missing something. I can ping my WAN IP from the outside fine.

-----------------------------------------------------------------------------

router#show run
Building configuration...

Current configuration : xxxxx bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxx
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.100 192.168.1.130
!
ip dhcp pool mypool
   network 192.168.1.0 255.255.255.0
   domain-name mycompany.com
   default-router 192.168.1.1 
   dns-server 192.168.1.1 
!
!
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
multilink bundle-name authenticated
!
!
!
!
!
archive   
 log config
  hidekeys
! 
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN INTERFACE
 ip address (WAN IP) 255.255.xx.xx
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description internal_lan
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (ISP IP)
!
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 3389 (WAN IP) 3389 extendable
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 password 7 xxxxxxxxx
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

router#

Open in new window

0
Comment
Question by:lurezero
11 Comments
 
LVL 13

Expert Comment

by:ktaczala
ID: 39872446
I think you need this
access-list Outside_to_Inside extended permit tcp any host <External Public IP> eq 3389
static (inside,outside) <External Public IP> <Inside private IP> netmask 255.255.255.255
0
 

Author Comment

by:lurezero
ID: 39872470
should i remove my static statement?
your access-list needs to be applied to my WAN interface "in" correct?
0
 

Author Comment

by:lurezero
ID: 39872505
i tried this didnt work. this is a cisco 2800 series router. not a PIX/ASA...
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 13

Expert Comment

by:ktaczala
ID: 39873209
access-list 101 permit tcp any host 192.168.1.3 eq 3389
0
 

Author Comment

by:lurezero
ID: 39875494
not working...
0
 

Author Comment

by:lurezero
ID: 39925412
moderators?
0
 
LVL 1

Expert Comment

by:netdsg
ID: 39948015
This document my be useful:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13778-9.html

Can you post the output of the 'show ip nat translations' command?

Since there is no access-list applied to your outside interface this is not an access-list problem.
0
 

Accepted Solution

by:
lurezero earned 0 total points
ID: 39973807
this is a port forwarding question. not a nat question.
0
 
LVL 1

Assisted Solution

by:beeko0907
beeko0907 earned 300 total points
ID: 40015730
hello lurezero,

try changing your static nat entry to use the interface instead of the ip address and also check to see if your windows machines firewall isnt blocking the incoming rdp session.


ip nat inside source static tcp 192.168.1.3 3389 interface FastEthernet0/0 3389
0
 

Author Closing Comment

by:lurezero
ID: 40025539
solved on my own
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Make the most of your online learning experience.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question