06-12-2007 03:59 PM - edited 03-11-2019 03:29 AM
The question I have is regarding the PIX 506e v6.3 and trying to configure RDP to pass through.
Scenario: External IP address 10.1.0.23, internal 192.168.7.23.
Permit Rule source 10.1.0.23 Dest. 192.168.7.23
It builds a translation rule but wants to put 192.168.7.23 on both internal and external ports.
We can manually configure the translation rule to show correctly but RDP still does not work. We are configuring the firewall using the Cisco PDM. Please help, thanks in advance!
06-12-2007 04:04 PM
Hi,
As you are doing configuration from PDM, following should be the result of the translation rule-
static (inside,outside) 10.1.0.23 192.168.7.23
You can check this by going to:
Tools -> command line interface -> show static
Next in order to permit traffic, you need to permit as following-
source interface : outside
permit source : any
source port : any
destination interface : inside
destination IP : 192.168.7.23
destination port: 3389
protocol : tcp
Result should be-
access-list
Hope this helps.
Regards,
Vibhor.
06-13-2007 08:58 AM
I followed your advice, but it still doesn't want to work. I tried it both in the PDM and reset the PIX back to factory defaults and used the CLI with the following commands:
static (inside,outside) 192.168.7.23 10.1.0.23 netmask 255.255.255.255 0 0
access-list acl permit tcp any host 192.168.7.23 eq 3389
I'm able to ping the firewall but not gain RDP access to the requested server. Thanks in advance
06-13-2007 09:05 AM
Ok .. lemme verify things here ..
- What is the original IP address of the RDP server installed on the inside interface of PIX? 192.168.7.23? OR 10.1.0.23?
1) If it is 192.168.7.23, and you need to access this server from outside using 10.1.0.23, following commands are required-
static (inside,outside) 10.1.0.23 192.168.7.23
access-list outin permit tcp any host 10.1.0.23 eq 3389
access-group outin in interface outside
2) If it is 10.1.0.23, and you need to access this server from outside using 192.168.7.23, following commands are required-
static (inside,outside) 10.1.0.23
access-list outin permit tcp any host 192.168.7.23 eq 3389
access-group outin in interface outside
Let me know if that works.
Regards,
Vibhor.
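An added example, not part of the thread or of any Cisco tooling: a small Python check that applies the answer's three requirements (static translation, ACL naming the mapped address, access-group on outside) to the commands quoted in the thread. It assumes the PIX 6.x argument order shown in case 1 (mapped address first, then real address) and that the server's real address is 192.168.7.23, as the original post states; `check_inbound` is a hypothetical helper name.

```python
import re

ACL_RE = re.compile(r"access-list (\S+) permit tcp any host (\S+) eq (\d+)$")

def check_inbound(config, real_ip, port):
    """List reasons outside hosts cannot reach real_ip:port (PIX 6.x syntax)."""
    real_to_mapped, acls, bound = {}, {}, set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "static":
            # static (real_if,mapped_if) <mapped_ip> <real_ip> [netmask ...]
            real_to_mapped[tok[3]] = tok[2]
        elif tok[:1] == ["access-group"] and tok[2:] == ["in", "interface", "outside"]:
            bound.add(tok[1])
        else:
            m = ACL_RE.match(" ".join(tok))
            if m:  # only the simple "any -> host, numeric port" form is parsed
                acls.setdefault(m.group(1), set()).add((m.group(2), int(m.group(3))))
    mapped = real_to_mapped.get(real_ip)
    if mapped is None:
        if real_ip in real_to_mapped.values():
            return ["static lists %s as the mapped address; arguments are swapped" % real_ip]
        return ["no static translation for %s" % real_ip]
    names = {n for n, rules in acls.items() if (mapped, port) in rules}
    if not names:
        if any((real_ip, port) in rules for rules in acls.values()):
            return ["ACL permits real address %s; it must name mapped address %s"
                    % (real_ip, mapped)]
        return ["no ACL permits tcp/%d to %s" % (port, mapped)]
    if not names & bound:
        return ["ACL %s is not applied with access-group on outside"
                % ", ".join(sorted(names))]
    return []

# Commands quoted from the thread: the CLI attempt that failed, then case 1.
FAILED = """static (inside,outside) 192.168.7.23 10.1.0.23 netmask 255.255.255.255 0 0
access-list acl permit tcp any host 192.168.7.23 eq 3389"""
FIXED = """static (inside,outside) 10.1.0.23 192.168.7.23
access-list outin permit tcp any host 10.1.0.23 eq 3389
access-group outin in interface outside"""

if __name__ == "__main__":
    for label, cfg in (("failed", FAILED), ("fixed", FIXED)):
        print(label, check_inbound(cfg, "192.168.7.23", 3389) or "ok")
```

The checker reports only the first blocking problem it finds, so a configuration may need more than one pass.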
06-13-2007 09:18 AM
works like a charm . . . thanks for all your help!