Solved

Cisco 800 - Port Forwarding only from one WAN IP

Posted on 2016-08-31
3
98 Views
Last Modified: 2016-09-08
Hi Team

How do I configure on a Cisco router with a port forwarding rule restricted to a specific WAN IP?
Rather than everyone on the internet can RDP, but only coming from one WAN.

Thanks
0
Comment
Question by:goraek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Expert Comment

by:SIM50
ID: 41777978
I think it is something like below.

external NAT ip - 192.168.1.100
internal IP - 192.168.2.100
-------------------------------
ip access-list extended CLIENT
permit ip host 192.168.1.1 host 192.168.1.100

route-map CLIENT-RMAP permit 10
 match ip address CLIENT

ip nat inside source static 192.168.2.100 3389 192.168.1.100 3389 route-map CLIENT-RMAP

to verify: sh ip nat translations
0
 
LVL 2

Author Comment

by:goraek
ID: 41779243
Thanks but how do I restrict a WAN IP (home) for example? I want 58.58.58.58 (home public IP) to only RDP to the host 192.168.2.100.
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 41781583
If you have the security bundle features on the router you can use the firewall, or you can use an ACL on the WAN interface to drop all RDP apart from the specific IP you need.

For example...

ip access-list extended WAN-to-LAN
 permit tcp host 58.58.58.58 host any eq 3389
 deny tcp host any any eq 3389
 permit ip any any
!
int Dialer0  (or whatever your WAN interface is)
 ip access-group WAN-to-LAN in
!

Open in new window

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CISCO ASA 5505 double Wan 8 36
Vmotion configuration 4 53
Can't access router with user and pass 10 75
Logging into A Cisco switch from another switch or router 2 24
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question