Need experts Help RDP on port 3389 Setup on Cisco Router
I am a novice Cisco person who would like to know what lines to add to my router to be able to remotely connect to my server on port 3389. Can anyone explain what lines need to be added for me to be able to accomplish this?
If you need a show run for what I have currently, I would be more than happy to provide it.
I currently run a Cisco 2610 Router and a Cisco 2924 Switch.
CompTIA A+ Nov 25, 1997
CompTIA Network+ March 7, 2008
MCTS Vista 620 June 14, 2008
MCP Server 290 Nov 15, 2008
MCP Server 291 In Progress (Exam 12/28/09)
Cisco CCENT In Progress
MCP Server 291 In Progress
C|EH In Progress
Comments
-
Turgon Banned Posts: 6,308 ■■■■■■■■■□
If you have an access-list protecting your router interface from inbound traffic, update it to allow connections to your server on the RDP port.
-
rossonieri#1 Member Posts: 799 ■■■□□□□□□□
Hi,
I had almost forgotten things like this, so do recheck on the CLI:
ip nat inside source static tcp <LAN_IP> 3389 <WAN> 3389
Do the same for UDP, and put them on the first line in your ACL.
HTH.
the More I know, that is more and More I don't know.
-
SWM Member Posts: 287
You will need something similar to the below:
ip nat inside source static tcp x.x.x.x 3389 y.y.y.y 3389 extendable
Where x.x.x.x = computer you want to connect to internally
and y.y.y.y = external IP address of the router
Isn't Bill such a Great Guy!!!!
-
ULWiz Member Posts: 722
So this is my current sh run for the router
moborouter#sh run
Building configuration...
Current configuration : 1167 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname moborouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$R6mJ$301VO0cgez2pPWlFMkefa1
enable password mobonetw
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
interface Ethernet0/0
 description interface connected to switch
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.1.119
 ip nat inside
 no ip mroute-cache
 full-duplex
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Ethernet1/0
 description Comcast Cable
 ip address dhcp
 ip access-group 101 in
 ip nat outside
 no ip mroute-cache
 half-duplex
 no cdp enable
!
ip nat pool ovrld x.x.x.x x.x.x.x netmask 255.255.255.128
ip nat inside source list 1 pool ovrld overload
ip nat inside source static tcp 192.168.1.101 80 interface Ethernet0/0 80
no ip http server
ip classless
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 deny icmp any any echo
access-list 101 deny tcp any any eq telnet log
access-list 101 permit ip any any
!
line con 0
line aux 0
line vty 0 4
 password mobonetw
 login
!
!
end
-
ULWiz Member Posts: 722
Do I need to add something to the access list?
Here is what I got so far
ip nat pool ovrld x.x.x.x x.x.x.x netmask 255.255.255.128
ip nat inside source list 1 pool ovrld overload
ip nat inside source static tcp 192.168.1.101 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.119 3389 x.x.x.x 3389 extendable
no ip http server
ip classless
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 deny icmp any any echo
access-list 101 deny tcp any any eq telnet log
access-list 101 permit ip any any
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□
I would start out by fixing the way you have NAT configured. Since your IP address is DHCP, you should change all of your NAT rules to go to the interface instead of the IP address of the interface in case it changes. Your existing ACL has a permit ip any any, so it is wide open and you don't need to add anything for 3389. I would consider adding some sort of ACL to limit inbound connections to the device.
The only easy day was yesterday!
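The two suggestions in the last reply (bind NAT to the interface, restrict who can reach 3389), written out as IOS configuration. This is an added example, not part of the original thread. It assumes Ethernet1/0 is the outside interface and 192.168.1.119 is the RDP server, as in the posted config, and uses 203.0.113.10 as a placeholder for the one remote address that should be allowed in.

```cisco
! Added example, not from the thread. Entered in global configuration mode.
! Ethernet1/0 (outside, DHCP) and 192.168.1.119 (RDP server) come from the posted config.
! 203.0.113.10 is a placeholder for the trusted remote address (assumption).
!
! 1. Tie NAT to the outside interface so a new DHCP lease does not break it.
!    If IOS refuses because translations are active, run
!    "clear ip nat translation *" from exec mode first.
no ip nat inside source list 1 pool ovrld overload
no ip nat pool ovrld
ip nat inside source list 1 interface Ethernet1/0 overload
!
no ip nat inside source static tcp 192.168.1.119 3389 x.x.x.x 3389 extendable
ip nat inside source static tcp 192.168.1.119 3389 interface Ethernet1/0 3389
!
! 2. Rebuild ACL 101 so only the trusted address reaches TCP 3389.
!    The inbound ACL is checked before NAT, so the destination seen here is the
!    public address; "any" is used because that address comes from DHCP.
!    The remaining lines are the existing ACL 101 entries, unchanged.
no access-list 101
access-list 101 permit tcp host 203.0.113.10 any eq 3389
access-list 101 deny   tcp any any eq 3389 log
access-list 101 deny   icmp any any echo
access-list 101 deny   tcp any any eq telnet log
access-list 101 permit ip any any
```

Afterwards, "show ip nat translations" should list the 3389 static entry against the current outside address, and "show access-lists 101" shows hit counts on the permit and deny lines for 3389.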