Solved

Cisco router port forwarding rdp

Posted on 2014-02-19
11
1,436 Views
Last Modified: 2014-04-27
Hello experts,
i'm trying to forward rdp to a specific computer inside my LAN. I am missing something. I can ping my WAN IP from the outside fine.

-----------------------------------------------------------------------------

router#show run
Building configuration...

Current configuration : xxxxx bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxxxxx
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.100 192.168.1.130
!
ip dhcp pool mypool
   network 192.168.1.0 255.255.255.0
   domain-name mycompany.com
   default-router 192.168.1.1 
   dns-server 192.168.1.1 
!
!
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
multilink bundle-name authenticated
!
!
!
!
!
archive   
 log config
  hidekeys
! 
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN INTERFACE
 ip address (WAN IP) 255.255.xx.xx
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description internal_lan
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (ISP IP)
!
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 3389 (WAN IP) 3389 extendable
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 password 7 xxxxxxxxx
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

router#

Open in new window

0
Comment
Question by:lurezero
11 Comments
 
LVL 12

Expert Comment

by:ktaczala
Comment Utility
I think you need this
access-list Outside_to_Inside extended permit tcp any host <External Public IP> eq 3389
static (inside,outside) <External Public IP> <Inside private IP> netmask 255.255.255.255
0
 

Author Comment

by:lurezero
Comment Utility
should i remove my static statement?
your access-list needs to be applied to my WAN interface "in" correct?
0
 

Author Comment

by:lurezero
Comment Utility
i tried this didnt work. this is a cisco 2800 series router. not a PIX/ASA...
0
 
LVL 12

Expert Comment

by:ktaczala
Comment Utility
access-list 101 permit tcp any host 192.168.1.3 eq 3389
0
 

Author Comment

by:lurezero
Comment Utility
not working...
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:lurezero
Comment Utility
moderators?
0
 
LVL 1

Expert Comment

by:netdsg
Comment Utility
This document my be useful:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13778-9.html

Can you post the output of the 'show ip nat translations' command?

Since there is no access-list applied to your outside interface this is not an access-list problem.
0
 

Accepted Solution

by:
lurezero earned 0 total points
Comment Utility
this is a port forwarding question. not a nat question.
0
 
LVL 1

Assisted Solution

by:beeko0907
beeko0907 earned 100 total points
Comment Utility
hello lurezero,

try changing your static nat entry to use the interface instead of the ip address and also check to see if your windows machines firewall isnt blocking the incoming rdp session.


ip nat inside source static tcp 192.168.1.3 3389 interface FastEthernet0/0 3389
0
 

Author Closing Comment

by:lurezero
Comment Utility
solved on my own
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Monitor bandwidth 3 35
SMB Routers with GB WAN 12 31
E-mail alerts from Cisco ASA Firepower 3 28
DHCP on ASA 3 20
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now