08-31-2005 11:10 AM - edited 02-21-2020 12:21 AM
We use a Cisco 515E PIX with NAT as our firewall! We need to allow a remote user using Microsoft's Remote Desktop software to gain access to 2 of our servers which have static IP addresses. Can you give me the commands or steps needed to accomplish this? I would like to have encryption on this connection also! Thank you!
08-31-2005 01:30 PM
Randy,
From reading your post, it seems that you want RDP access for your users via secure encryption. So what you can do is set up VPN client access to your PIX (see link below), and then run the RDP access to your servers via the VPN; this way you have encrypted access to your servers.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml
Hope this helps, and if it does, please rate the post as it might help others.
Thanks -
Jay
09-02-2005 10:19 AM
Jay,
Thank you so much for answering my question! I need to clarify some things for you, as your answer wasn't exactly what I was looking for, plus I told you we need a secure and encrypted connection, which we do not! The remote user told me he wants to use MS Remote Desktop and enter the public IP address to get to 2 of our servers. I asked the remote user if he is using a VPN connection and he assured me he is not, just straight Remote Desktop from Microsoft! We are set up for NAT and our external address pool is 192.168.100.0. I apologize for not having accurate information the first time!
09-02-2005 10:29 AM
OK Randy, not a problem. Can you post up your PIX config (take out any sensitive info) either here or directly to me at jmia@ohgroup.co.uk and I'll try to sort this out for you. Is your user initiating from a static IP address, i.e. another network? If so, if you provide the public IP address (of your user network) then you can set up RDP access ONLY from this source address, so that you know ONLY this user is accessing your servers, i.e. host to host for RDP access! If the user is using a dynamic IP address then you'll need to allow any user access to port 3389 (RDP) on your internal servers. I personally don't recommend this, unless you are authenticating the RDP user with an authentication server, such as RADIUS.
Thanks -
Jay
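The host-to-host restriction Jay describes can be checked against an existing config. The following is an added example, not part of the original thread: a Python sketch that scans PIX-style `access-list` lines and flags permit rules that reach TCP 3389, marking those open to any source. The ACL name and addresses are constructed (documentation ranges), and it assumes rules carry no source-port clause.

```python
RDP_PORT = 3389

# Constructed sample config; names and addresses are not from the thread.
SAMPLE_CONFIG = """\
access-list outside_in permit tcp host 198.51.100.25 host 203.0.113.10 eq 3389
access-list outside_in permit tcp any host 203.0.113.11 eq 3389
access-list outside_in permit tcp any host 203.0.113.12 range 3300 3400
access-list outside_in permit tcp any host 203.0.113.13 eq 443
access-list outside_in deny ip any any
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A MASK'. Returns (spec, rest)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    return tokens[0] + " " + tokens[1], tokens[2:]

def _covers_rdp(ports):
    """True if the destination port clause includes 3389 (no clause = all ports)."""
    if not ports:
        return True
    op = ports[0]
    if op == "eq":
        return ports[1] == str(RDP_PORT)
    if op == "neq":
        return ports[1] != str(RDP_PORT)
    if op == "range":
        return int(ports[1]) <= RDP_PORT <= int(ports[2])
    if op == "lt":
        return RDP_PORT < int(ports[1])
    if op == "gt":
        return RDP_PORT > int(ports[1])
    return False

def audit_rdp(config):
    """Return one finding per permit rule that allows traffic to TCP 3389."""
    findings = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] != "permit" or t[3] not in ("tcp", "ip"):
            continue
        try:
            src, rest = _take_addr(t[4:])
            dst, ports = _take_addr(rest)
            if t[3] == "tcp" and not _covers_rdp(ports):
                continue
        except (IndexError, ValueError):
            continue  # malformed line or named port this sketch does not resolve
        open_to_any = src == "any" or src.startswith("0.0.0.0 ")
        findings.append({"acl": t[1], "src": src, "dst": dst, "open_to_any": open_to_any})
    return findings
```

Findings with `open_to_any` set are the rules Jay advises against; the host-restricted rule is still reported so the reviewer can confirm the source address is the intended one.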