10-31-2008 10:34 AM - edited 03-11-2019 07:06 AM
Hi,
I need to configure the following:
Source: 10.1.0.0/16, 10.3.0.0/16 and 10.8.0.0/16 (NAT to 192.168.2.1)
Destination: 172.16.2.2
Service: RDP
Could you please help me out by giving me the exact commands to run?
Thanks
Vin
10-31-2008 10:40 AM
global (outside) 1 192.168.2.1
nat (inside) 1 10.1.0.0 255.255.0.0
nat (inside) 1 10.3.0.0 255.255.0.0
nat (inside) 1 10.8.0.0 255.255.0.0
I'm guessing on the interfaces here and the device but I think it's something like this.
10-31-2008 10:43 AM
Thanks for your quick reply. But you did not say anything about the destination address?
10-31-2008 10:44 AM
Vin
Just a quick update on Brent's post. If you want to only NAT these networks if the destination is 172.16.2.2 and RDP:
access-list 101 permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq rdp
access-list 101 permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq rdp
access-list 101 permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq rdp
nat (inside) 2 access-list 101
global (outside) 2 192.168.2.1
Jon
10-31-2008 10:45 AM
access-list policy_nat extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq 3389
edit:
nat (inside) 1 access-list policy_nat
global (outside) 1 192.168.2.1
10-31-2008 10:48 AM
Sorry,
My bad... was too quick on the draw, didn't even think of using the ACL...
My better way.
10-31-2008 10:55 AM
Altogether I have to write the following commands (am I right?):
nat (inside) 1 10.1.0.0 255.255.0.0
nat (inside) 1 10.3.0.0 255.255.0.0
nat (inside) 1 10.8.0.0 255.255.0.0
access-list policy_nat extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq 3389
nat (inside) 1 access-list policy_nat
global (outside) 1 192.168.2.1
Question here: the RDP protocol is already configured, but I need to change the port number. (So how do I find the RDP port and how do I change it to some other port?)
10-31-2008 10:58 AM
If you are going to do this:
access-list policy_nat extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq 3389
nat (inside) 1 access-list policy_nat
global (outside) 1 192.168.2.1
Then I believe you don't need this:
nat (inside) 1 10.1.0.0 255.255.0.0
nat (inside) 1 10.3.0.0 255.255.0.0
nat (inside) 1 10.8.0.0 255.255.0.0
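Added example, not part of any post in this thread: a small Python model of the two variants discussed above, showing which flows end up translated to 192.168.2.1 when only the policy NAT lines are present and when the plain nat lines are kept alongside them. It parses only the command forms quoted in the thread and assumes a simplified match order (policy rules before plain ones, first match wins); the function and variable names are hypothetical.

```python
import ipaddress

# Constructed from the commands quoted in the thread; not a live device config.
ACL = "\n".join(
    f"access-list policy_nat extended permit tcp 10.{n}.0.0 255.255.0.0 host 172.16.2.2 eq 3389"
    for n in (1, 3, 8))
POLICY_ONLY = ACL + "\nnat (inside) 1 access-list policy_nat\nglobal (outside) 1 192.168.2.1\n"
COMBINED = "".join(f"nat (inside) 1 10.{n}.0.0 255.255.0.0\n" for n in (1, 3, 8)) + POLICY_ONLY

def parse(config):
    """Return (acls, nat_rules, global_pools) for the command forms used in the thread."""
    acls, nats, pools = {}, [], {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "tcp"]:
            # access-list NAME extended permit tcp SRC MASK host DST eq PORT
            src = ipaddress.ip_network(f"{t[5]}/{t[6]}")
            acls.setdefault(t[1], []).append((src, ipaddress.ip_address(t[8]), int(t[10])))
        elif t[:1] == ["nat"] and t[3] == "access-list":
            nats.append((t[2], "policy", t[4]))      # nat (if) ID access-list NAME
        elif t[:1] == ["nat"]:
            nats.append((t[2], "plain", ipaddress.ip_network(f"{t[3]}/{t[4]}")))
        elif t[:1] == ["global"]:
            pools[t[2]] = t[3]                       # global (if) ID ADDRESS
    return acls, nats, pools

def translate(config, src, dst, dport):
    """Return the translated source address for a TCP flow, or None if no nat rule matches."""
    acls, nats, pools = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Assumption of this model: policy rules are checked before plain ones.
    for nat_id, kind, arg in sorted(nats, key=lambda r: r[1] != "policy"):
        if kind == "plain":
            hit = s in arg                           # source only, any destination or port
        else:
            hit = any(s in net and d == host and dport == port
                      for net, host, port in acls[arg])
        if hit:
            return pools.get(nat_id)
    return None

if __name__ == "__main__":
    flows = (("10.1.5.5", "172.16.2.2", 3389), ("10.1.5.5", "172.16.2.2", 443))
    for name, cfg in (("policy only", POLICY_ONLY), ("combined", COMBINED)):
        for flow in flows:
            print(name, flow, "->", translate(cfg, *flow))
```

With the plain nat lines left in, the port 443 flow is translated as well, so the translation is no longer limited to RDP towards 172.16.2.2.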
10-31-2008 11:02 AM
Hi,
I need to use another port number for the RDP protocol.
- If I use the RDP protocol in the access list, then before using it I want to change the port number from 3389 to some other.
How can I do that?
10-31-2008 11:03 AM
no nat (inside) 1 10.1.0.0 255.255.0.0
no nat (inside) 1 10.3.0.0 255.255.0.0
no nat (inside) 1 10.8.0.0 255.255.0.0
I assumed you wanted RDP, Remote Desktop Protocol, which is TCP 3389. If you want something else, just change 3389 to whatever you want.
10-31-2008 11:07 AM
There is an RDP object-group in the config. I want to either change it to some other port number or create another RDP group and assign a new port number. Please tell me how to write the commands for that.