Solved

Cisco 800 - Port Forwarding only from one WAN IP

Posted on 2016-08-31
3
67 Views
Last Modified: 2016-09-08
Hi Team

How do I configure on a Cisco router with a port forwarding rule restricted to a specific WAN IP?
Rather than everyone on the internet can RDP, but only coming from one WAN.

Thanks
0
Comment
Question by:goraek
3 Comments
 
LVL 13

Expert Comment

by:SIM50
ID: 41777978
I think it is something like below.

external NAT ip - 192.168.1.100
internal IP - 192.168.2.100
-------------------------------
ip access-list extended CLIENT
permit ip host 192.168.1.1 host 192.168.1.100

route-map CLIENT-RMAP permit 10
 match ip address CLIENT

ip nat inside source static 192.168.2.100 3389 192.168.1.100 3389 route-map CLIENT-RMAP

to verify: sh ip nat translations
0
 
LVL 2

Author Comment

by:goraek
ID: 41779243
Thanks but how do I restrict a WAN IP (home) for example? I want 58.58.58.58 (home public IP) to only RDP to the host 192.168.2.100.
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 41781583
If you have the security bundle features on the router you can use the firewall, or you can use an ACL on the WAN interface to drop all RDP apart from the specific IP you need.

For example...

ip access-list extended WAN-to-LAN
 permit tcp host 58.58.58.58 host any eq 3389
 deny tcp host any any eq 3389
 permit ip any any
!
int Dialer0  (or whatever your WAN interface is)
 ip access-group WAN-to-LAN in
!

Open in new window

0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
OSPF Design NSSA 5 31
Network Connection 5 34
Cisco Air AP 6 28
Adding a secondary DC Server 2008R2 10 39
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now