lurezero
asked on
Cisco router port forwarding rdp
Hello experts,
I'm trying to forward RDP to a specific computer inside my LAN. I am missing something. I can ping my WAN IP from the outside fine.
--------------------------
router#show run
Building configuration...
Current configuration : xxxxx bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxx
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.100 192.168.1.130
!
ip dhcp pool mypool
network 192.168.1.0 255.255.255.0
domain-name mycompany.com
default-router 192.168.1.1
dns-server 192.168.1.1
!
!
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
description WAN INTERFACE
ip address (WAN IP) 255.255.xx.xx
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description internal_lan
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (ISP IP)
!
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 3389 (WAN IP) 3389 extendable
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 30 0
password 7 xxxxxxxxx
login
transport input telnet ssh
!
scheduler allocate 20000 1000
end
router#
ASKER
Should I remove my static statement?
Your access-list needs to be applied to my WAN interface "in", correct?
ASKER
I tried this; it didn't work. This is a Cisco 2800 series router, not a PIX/ASA...
access-list 101 permit tcp any host 192.168.1.3 eq 3389
ASKER
not working...
ASKER
moderators?
This document may be useful:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13778-9.html
Can you post the output of the 'show ip nat translations' command?
Since there is no access-list applied to your outside interface this is not an access-list problem.
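An added example, not part of the original thread: a small Python audit that reads an IOS running-config, lists its static NAT port forwards, and flags NAT-outside interfaces that have no inbound ACL, which is the state the posted config is in. The function name `audit_port_forwards` and the sample config are assumptions; 203.0.113.10 is a documentation address standing in for the redacted WAN IP.

```python
import re

# Constructed sample modelled on the thread's config; 203.0.113.10 is a
# documentation address standing in for the redacted WAN IP.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 description WAN INTERFACE
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 3389 203.0.113.10 3389 extendable
access-list 1 permit 192.168.1.0 0.0.0.255
"""

STATIC_NAT = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) "
                        r"(interface \S+|\S+) (\d+)")
ACL_IN = re.compile(r"ip access-group (\S+) in$")

def audit_port_forwards(config):
    """Hypothetical helper: list static NAT port forwards and the NAT-outside
    interfaces that have no inbound ACL (no 'ip access-group ... in')."""
    forwards, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = {"outside": False, "acl_in": None}
        elif line == "!":                      # '!' closes an interface block
            current = None
        elif current and line == "ip nat outside":
            ifaces[current]["outside"] = True
        elif current and ACL_IN.match(line):
            ifaces[current]["acl_in"] = ACL_IN.match(line).group(1)
        elif (m := STATIC_NAT.match(line)):
            proto, lip, lport, gaddr, gport = m.groups()
            forwards.append({"proto": proto, "inside": f"{lip}:{lport}",
                             "outside": f"{gaddr}:{gport}"})
    unfiltered = [n for n, i in ifaces.items()
                  if i["outside"] and i["acl_in"] is None]
    return {"forwards": forwards, "unfiltered_outside": unfiltered}

if __name__ == "__main__":
    print(audit_port_forwards(SAMPLE_CONFIG))
```

On IOS, an inbound ACL on the NAT-outside interface is evaluated before the outside-to-inside translation, so an entry meant to limit who can reach a forwarded port matches the public (global) address, not the inside host.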
ASKER
solved on my own
access-list Outside_to_Inside extended permit tcp any host <External Public IP> eq 3389
static (inside,outside) <External Public IP> <Inside private IP> netmask 255.255.255.255