Pix RDP Port Forwarding issue. Help? Much appreciated


Post by nguyen23464 » Sat Jul 02, 2011 8:14 am

Can't seem to figure this one out.
Just set up a terminal server, trying to gain port forwarding remote access.
Even when I switch IPs on the static route I can't get port forwarding RDP to work.
1 External IP
When connected via VPN RDP works fine.

Any ideas would be greatly appreciated. Thanks.

My entries:
access-list 101 permit tcp any interface outside eq 3389
static (inside,outside) tcp interface 3389 10.10.10.7 3389 netmask 255.255.255.255 0 0
access-group 101 in interface outside

Attached is my config


Re: Pix RDP Port Forwarding issue. Help? Much appreciated

Post by sourav kakkar » Mon Jul 18, 2011 3:20 am

Hi,

The entries are correct; this is all we need to allow TCP 3389 to the internal server from outside.

access-list 101 permit tcp any interface outside eq 3389
static (inside,outside) tcp interface 3389 10.10.10.7 3389 netmask 255.255.255.255 0 0
access-group 101 in interface outside

I understand that it works over the VPN, but in that case the source IP (destination IP when the server responds back) to which the server needs to respond is different from the one when you come over the internet; i.e. it is a private IP in case of VPN but a public IP in case of access from the internet. So, it sounds like a routing issue to me.

Now, I don't see the complete config attached here. Can you paste the same here? Also, is the server in a directly connected subnet of the PIX inside? What is the DG on the server?

Regards,
Sourav Kakkar
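
Added example, not part of either post: a small Python check that cross-references the three posted lines, confirming that the static PAT entry, the ACL permit and the access-group binding agree with each other, and reporting when the permit is open to any source. The function name and finding strings are made up for illustration, and the parser only understands the `interface` PAT forms shown in this thread.

```python
import re

# The three lines exactly as posted in the thread.
CONFIG = """\
access-list 101 permit tcp any interface outside eq 3389
static (inside,outside) tcp interface 3389 10.10.10.7 3389 netmask 255.255.255.255 0 0
access-group 101 in interface outside
"""

# Only the forms used in the thread: interface PAT and a permit to "interface <name>".
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) interface (\d+) (\S+) (\d+)")
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) (any|host \S+|\S+ \S+) interface (\S+) eq (\d+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def check_port_forward(config):
    """Return (forwards, findings) for interface-PAT port forwards."""
    statics, acls, groups = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := ACL_RE.match(line):
            acls.append(m.groups())
        elif m := GROUP_RE.match(line):
            groups[m.group(2)] = m.group(1)      # interface -> ACL name
    forwards, findings = [], []
    for _real_if, mapped_if, proto, mport, host, rport in statics:
        acl = groups.get(mapped_if)              # ACL applied inbound on mapped side
        hits = [a for a in acls if a[0] == acl and a[1] == proto
                and a[3] == mapped_if and a[4] == mport]
        if acl is None:
            findings.append(f"no access-group bound inbound on {mapped_if}")
        elif not hits:
            findings.append(f"ACL {acl} does not permit {proto}/{mport}")
        else:
            forwards.append((proto, int(mport), host, int(rport)))
            if any(a[2] == "any" for a in hits):  # exposure worth reviewing
                findings.append(f"{proto}/{mport} to {host} is open to any source")
    return forwards, findings

if __name__ == "__main__":
    print(check_port_forward(CONFIG))
```

A clean result here only says the three lines are mutually consistent; it does not cover the return path from the server that the reply asks about.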
