Solved

Cisco 800 - Port Forwarding only from one WAN IP

Posted on 2016-08-31
3
113 Views
Last Modified: 2016-09-08
Hi Team

How do I configure on a Cisco router with a port forwarding rule restricted to a specific WAN IP?
Rather than everyone on the internet can RDP, but only coming from one WAN.

Thanks
0
Comment
Question by:goraek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Expert Comment

by:SIM50
ID: 41777978
I think it is something like below.

external NAT ip - 192.168.1.100
internal IP - 192.168.2.100
-------------------------------
ip access-list extended CLIENT
permit ip host 192.168.1.1 host 192.168.1.100

route-map CLIENT-RMAP permit 10
 match ip address CLIENT

ip nat inside source static 192.168.2.100 3389 192.168.1.100 3389 route-map CLIENT-RMAP

to verify: sh ip nat translations
0
 
LVL 2

Author Comment

by:goraek
ID: 41779243
Thanks but how do I restrict a WAN IP (home) for example? I want 58.58.58.58 (home public IP) to only RDP to the host 192.168.2.100.
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 41781583
If you have the security bundle features on the router you can use the firewall, or you can use an ACL on the WAN interface to drop all RDP apart from the specific IP you need.

For example...

ip access-list extended WAN-to-LAN
 permit tcp host 58.58.58.58 host any eq 3389
 deny tcp host any any eq 3389
 permit ip any any
!
int Dialer0  (or whatever your WAN interface is)
 ip access-group WAN-to-LAN in
!

Open in new window

0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question