?
Solved

Cisco router port forwarding rdp

Posted on 2014-02-19
11
Medium Priority
?
1,492 Views
Last Modified: 2014-04-27
Hello experts,
i'm trying to forward rdp to a specific computer inside my LAN. I am missing something. I can ping my WAN IP from the outside fine.

-----------------------------------------------------------------------------

router#show run
Building configuration...

Current configuration : xxxxx bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxx
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.100 192.168.1.130
!
ip dhcp pool mypool
   network 192.168.1.0 255.255.255.0
   domain-name mycompany.com
   default-router 192.168.1.1 
   dns-server 192.168.1.1 
!
!
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
multilink bundle-name authenticated
!
!
!
!
!
archive   
 log config
  hidekeys
! 
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN INTERFACE
 ip address (WAN IP) 255.255.xx.xx
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description internal_lan
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (ISP IP)
!
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 3389 (WAN IP) 3389 extendable
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 password 7 xxxxxxxxx
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

router#

Open in new window

0
Comment
Question by:lurezero
10 Comments
 
LVL 13

Expert Comment

by:ktaczala
ID: 39872446
I think you need this
access-list Outside_to_Inside extended permit tcp any host <External Public IP> eq 3389
static (inside,outside) <External Public IP> <Inside private IP> netmask 255.255.255.255
0
 

Author Comment

by:lurezero
ID: 39872470
should i remove my static statement?
your access-list needs to be applied to my WAN interface "in" correct?
0
 

Author Comment

by:lurezero
ID: 39872505
i tried this didnt work. this is a cisco 2800 series router. not a PIX/ASA...
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:ktaczala
ID: 39873209
access-list 101 permit tcp any host 192.168.1.3 eq 3389
0
 

Author Comment

by:lurezero
ID: 39875494
not working...
0
 

Author Comment

by:lurezero
ID: 39925412
moderators?
0
 
LVL 1

Expert Comment

by:netdsg
ID: 39948015
This document my be useful:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13778-9.html

Can you post the output of the 'show ip nat translations' command?

Since there is no access-list applied to your outside interface this is not an access-list problem.
0
 

Accepted Solution

by:
lurezero earned 0 total points
ID: 39973807
this is a port forwarding question. not a nat question.
0
 
LVL 1

Assisted Solution

by:beeko0907
beeko0907 earned 300 total points
ID: 40015730
hello lurezero,

try changing your static nat entry to use the interface instead of the ip address and also check to see if your windows machines firewall isnt blocking the incoming rdp session.


ip nat inside source static tcp 192.168.1.3 3389 interface FastEthernet0/0 3389
0
 

Author Closing Comment

by:lurezero
ID: 40025539
solved on my own
0

Featured Post

Big Data Means Big Business

In data-dependent industries like IT, finance, and healthcare, there’s a growing demand for qualified analysts to fill leadership roles. WGU’s MS in Data Analytics has IT certifications from Oracle and SAS built into its curriculum at a flat fee that could save you money.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question