09-25-2005 06:05 AM - edited 03-09-2019 12:30 PM
I want to allow RDP to a Windows server thru a PIX.
I've typed the following but it still doesn't work:
static (inside,outside) tcp 66.77.88.1 3389 192.168.1.100 3389
access-list allow_rdp permit tcp any host 66.77.88.1 eq 3389
access-group allow_rdp in interface outside
clear xlate
It accepts the commands but doesn't allow me to connect thru RDP.
Questions:
1). Is this port supported?
2). Is the syntax correct?
3). What command can I use to see what's happening at the PIX (what debug command)?
Thanks,
Tom
09-25-2005 09:13 AM
Tom,
Your command syntax is OK, port 3389 is supported for RDP. My question to you is, do you see any 'hit counts' for port 3389 on your outside ACL? The reason for asking is so that we can eliminate any internet routing issues.
Can you try to telnet from the outside to your public IP on port 3389 - does it connect?
Is your Win server running terminal service?
Let me know the answers to the questions above and we can look at this further. Also, it would be good to see your PIX config (if you do post it here, please take out any sensitive info).
Thanks,
Jay
09-25-2005 09:20 PM
Use "sh xlate | in 192.168.1.100" to verify the static statement; you should see:
Global 66.77.88.1 (3389) Local 192.168.1.100 (3389)
Another thing to verify is whether the terminal service is running on .100 as expected. Please verify by establishing an RDP connection locally from a PC with IP 192.168.1.x.
10-02-2005 06:17 AM
Sorry for the delay.
I corrected the issue. I forgot to enable RDP on the server (doh!).
Thanks for the replies.
Tom
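The two connection tests suggested in the replies (a TCP connect to port 3389 from outside, and one from the inside LAN), written as an added example that is not part of the original thread. The function names `probe_tcp` and `diagnose` are hypothetical; the key point is that a refused connection and a timed-out one point at different layers.

```python
import socket

RDP_PORT = 3389

def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """One TCP connect attempt: returns 'open', 'refused', 'timeout' or 'error'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"     # a RST came back: host reachable, nothing listening
    except (socket.timeout, TimeoutError):
        return "timeout"     # no answer: dropped by a filter, or no route
    except OSError:
        return "error"       # e.g. network unreachable, name resolution failure
    finally:
        sock.close()

def diagnose(outside, inside):
    """Combine the probe run from the internet with the one run from the inside LAN."""
    if inside != "open":
        return "server: RDP is not listening on the inside host; fix that first"
    if outside == "open":
        return "ok: static translation and outside ACL are passing port 3389"
    if outside == "timeout":
        return "firewall: check ACL hit counts, the static/xlate entry and routing"
    return "other: outside probe was refused or errored; check the static mapping"

if __name__ == "__main__":
    import sys
    # Usage: script.py <address> [port]. Run once from outside against the
    # public address and once from a 192.168.1.x PC against the server.
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else RDP_PORT
    print(host, port, probe_tcp(host, port))
```

Checking the inside result first avoids chasing the firewall configuration when the service itself is not listening.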