?
Solved

Cisco 800 - Port Forwarding only from one WAN IP

Posted on 2016-08-31
3
Medium Priority
?
159 Views
Last Modified: 2016-09-08
Hi Team

How do I configure on a Cisco router with a port forwarding rule restricted to a specific WAN IP?
Rather than everyone on the internet can RDP, but only coming from one WAN.

Thanks
0
Comment
Question by:goraek
3 Comments
 
LVL 14

Expert Comment

by:SIM50
ID: 41777978
I think it is something like below.

external NAT ip - 192.168.1.100
internal IP - 192.168.2.100
-------------------------------
ip access-list extended CLIENT
permit ip host 192.168.1.1 host 192.168.1.100

route-map CLIENT-RMAP permit 10
 match ip address CLIENT

ip nat inside source static 192.168.2.100 3389 192.168.1.100 3389 route-map CLIENT-RMAP

to verify: sh ip nat translations
0
 
LVL 2

Author Comment

by:goraek
ID: 41779243
Thanks but how do I restrict a WAN IP (home) for example? I want 58.58.58.58 (home public IP) to only RDP to the host 192.168.2.100.
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 41781583
If you have the security bundle features on the router you can use the firewall, or you can use an ACL on the WAN interface to drop all RDP apart from the specific IP you need.

For example...

ip access-list extended WAN-to-LAN
 permit tcp host 58.58.58.58 host any eq 3389
 deny tcp host any any eq 3389
 permit ip any any
!
int Dialer0  (or whatever your WAN interface is)
 ip access-group WAN-to-LAN in
!

Open in new window

0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question