10-16-2014 07:36 AM
I'm having a little trouble getting the firewall features on the RV016 set up properly. I've got four WANs running and a single (the default) VLAN. I'm trying to restrict RDP access for SERVER1 to a specific range of IP addresses over WAN1, and RDP access for SERVER2 to a specific range of IP addresses over WAN2. I've set up the access rule, but it doesn't make any difference; RDP doesn't work. Even if I set the access rule to allow any IP on any WAN to RDP, it still doesn't work.
If I go up to the forwarding section, I can forward all RDP over to SERVER1, but I can't restrict what range of IPs go to it, and then of course I can't get into SERVER2.
Am I missing something in the Access Rules?
10-16-2014 10:58 AM
Andrew,
From my understanding, you have 2 servers that need multiple RDP instances on them. Currently this router has a limitation, as it's not able to do port translations. PAT would allow for multiple different external ports (such as 3389, 3390) to internal port 3389 on both servers. If your network allows, one-to-one NAT could really help with your situation.
The one-to-one NAT functionality will open all ports and anyone can get to the servers. So to fix this issue you would create permit and deny statements.
First, permit/allow source IP and dest IP (servers), service 3389. Following the permit statements for both servers, you would create a deny any rule. I know I have not been as detailed; let me know if this helps you.
Kind regards,
10-20-2014 09:58 AM
Hi iarroyo,
I've tried this, but I only have the one static IP address for each WAN. When I try to set up the one-to-one NAT, it won't allow me to use the IP address because it is taken by the router. Do you have any other suggestions?
10-20-2014 10:15 AM
Andrew,
The one-to-one NAT is our last option on this router. It will only work with a range of public IP addresses, which goes for all small business routers. Apologies for the inconvenience. An RV130 will accomplish the port forwarding you are trying to do with RDP. Though I suggest this, as the ISP would charge for those extra public IPs for the one-to-one NAT.
10-20-2014 10:57 AM
Hi Andrew,
My name is Mehdi from Cisco Technical Support.
Please follow these steps:
1. Remove the port forwarding which you created for the two servers, and also any access rules related to RDP.
2. Please go to Setup --> UPnP --> Service management // Please don't enable UPnP
3. You will have a window with:
Service name : Server 1
Protocol : TCP
External port : example 3434 for server 1
Internal Port : 3389 (Internal port)
4. Click Add to List
5. Do the same for server 2, but with a different external port, for example 3435; the internal port should be the same, 3389
6. Again click on Add to List
7. Click OK
Now, on the same page, please select your new service for server 1 from the dropdown menu, enter the internal IP address of server 1 and enable it, then do the same for server 2.
8. At this point we should have access to the server using RDP. To access it, use public IP : external port
9. Once this is done, we need to configure the restriction using an Access Rule under Firewall
10. Please add a new rule :
Action : Allow
Service : Any
Source interface : WAN1
Source IP : Range of the public IPs which are accessing it (RDP clients)
Destination : Internal IP of server 1
11. Click Save
12. Create another rule for server two
Action : Allow
Service : Any
Source interface : WAN2
Source IP : Range of the public IPs which are accessing it (RDP clients)
Destination : Internal IP of server 2
13. Deny rule for the rest of the IPs to server 1
Action : Deny
Service : Any
Source interface : ANY
Source IP : Any
Destination : Internal IP of server 1
14. Deny rule for the rest of the IPs to server 2
Action : Deny
Service : Any
Source interface : ANY
Source IP : Any
Destination : Internal IP of server 1
Please test these steps and let us know.
Please rate this post or mark as answered to help other Cisco Customers
Regards
Mehdi
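
The allow-then-deny rule set from steps 10 to 14 above, modelled as an added example (not part of the thread and not Cisco's code) so the ordering and per-server coverage can be checked before the rules are entered on the router. It assumes rules are evaluated top to bottom with the first match winning, and that forwarded traffic matching no rule is let through; the internal IPs and source ranges are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"
SERVER1, SERVER2 = "192.168.1.10", "192.168.1.11"  # constructed internal IPs

@dataclass
class Rule:
    action: str   # "allow" or "deny"
    iface: str    # "WAN1", "WAN2" or ANY
    source: str   # CIDR block or ANY
    dest: str     # internal IP of the server

# Rules in the order of steps 10 to 14; source ranges are constructed.
RULES = [
    Rule("allow", "WAN1", "198.51.100.0/28", SERVER1),
    Rule("allow", "WAN2", "203.0.113.0/28", SERVER2),
    Rule("deny", ANY, ANY, SERVER1),
    Rule("deny", ANY, ANY, SERVER2),
]

def matches(rule, iface, src, dest):
    if rule.dest != dest or rule.iface not in (ANY, iface):
        return False
    if rule.source == ANY:
        return True
    return ipaddress.ip_address(src) in ipaddress.ip_network(rule.source)

def evaluate(rules, iface, src, dest, default="allow"):
    """Assumption: first matching rule wins, and forwarded traffic
    that matches no rule is let through (default="allow")."""
    for rule in rules:
        if matches(rule, iface, src, dest):
            return rule.action
    return default

def servers_without_deny(rules, servers):
    """Audit: forwarded servers that lack a catch-all deny rule."""
    covered = {r.dest for r in rules
               if r.action == "deny" and r.iface == ANY and r.source == ANY}
    return [s for s in servers if s not in covered]

if __name__ == "__main__":
    for iface, src, dest in [("WAN1", "198.51.100.5", SERVER1),
                             ("WAN2", "198.51.100.5", SERVER1),
                             ("WAN1", "192.0.2.50", SERVER2)]:
        print(iface, src, "->", dest, evaluate(RULES, iface, src, dest))
    print("missing deny:", servers_without_deny(RULES, [SERVER1, SERVER2]))
```

Running `servers_without_deny` against the rules as actually entered catches a deny rule whose destination points at the wrong server, which would otherwise leave that server's forwarded port reachable from any source.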