11-28-2007 12:48 PM - edited 03-03-2019 07:43 PM
Can anyone tell me why I can't get into my private network using RDP from an outside PC? I believe I have it configured to forward 3389 to a PC on the internal network, but it can't find the host. Any ideas?
!This is the running config of the router: 10.4.167.252
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO2811
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret xxx
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
!
!
no ip bootp server
ip domain name westernmotorcompany.com
ip name-server 68.x.x.20
!
username admin privilege 15 secret xxx
!
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 10.4.167.252 255.255.255.0
ip access-group sdm_fastethernet0/0_in in
ip access-group sdm_fastethernet0/0_in out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address (outside INT x.x.x.x) 255.255.255.0
ip access-group sdm_fastethernet0/1_in in
ip access-group sdm_fastethernet0/1_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
ip address (outside INT x.x.x.x) 255.255.255.248
ip nat outside
!
ip classless
ip route 0.0.0.0 0.0.0.0 24.249.107.1
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.4.167.102 80 interface FastEthernet0/1 80
ip nat inside source static tcp 10.4.167.102 25 interface FastEthernet0/1 25
ip nat inside source static tcp 10.4.167.100 3389 interface FastEthernet0/1 3389
!
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
permit tcp any any
permit icmp any any
ip access-list extended sdm_fastethernet0/0_out
remark SDM_ACL Category=1
permit tcp any any
permit icmp any any
ip access-list extended sdm_fastethernet0/1_in
remark SDM_ACL Category=1
permit tcp any host (outside INT x.x.x.x) eq pop3
permit tcp any host (outside INT x.x.x.x) eq smtp
permit tcp any host (outside INT x.x.x.x) eq www
permit tcp any host (outside INT x.x.x.x) eq 3389
permit icmp any any
permit tcp any any
ip access-list extended sdm_fastethernet0/1_out
remark SDM_ACL Category=1
permit tcp any any
permit icmp any any
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.4.167.0 0.0.0.255
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
!
end
11-28-2007 01:06 PM
On these entries
ip nat inside source static tcp 10.4.167.102 80 interface FastEthernet0/1 80
ip nat inside source static tcp 10.4.167.102 25 interface FastEthernet0/1 25
ip nat inside source static tcp 10.4.167.100 3389 interface FastEthernet0/1 3389
___________
Replace the interface name with the IP address and use the keyword extendable.
Example,
ip nat inside source static tcp 10.4.167.100 3389 199.199.199.1 3389 extendable
11-28-2007 01:23 PM
Ahhh.....OK, I'll give it a try. Can't switch the line until later tonight, but I'll be sure to let you know what happens. So just to satisfy my curiosity, why do I have to specify the IP, if the interface is configured to use the IP I configured it for? Thanks again!
11-28-2007 03:28 PM
Because the extendable option is not allowed when using the interface. You need to use the IP address.
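An added example, not part of the thread or any poster's code: a small Python audit that maps each static TCP port forward (in either the `interface` form or the address form suggested above) to the first inbound ACL entry on the outside interface that matches it, which shows whether a forward such as 3389 is open to any source or is permitted only by a trailing `permit tcp any any`. The function name `audit`, the sample config and the address 203.0.113.10 are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the posted config. 203.0.113.10 stands in for the
# redacted outside IP; the smtp ACL entry is left out so the blanket-rule case shows.
SAMPLE = """\
interface FastEthernet0/1
ip address 203.0.113.10 255.255.255.0
ip access-group sdm_fastethernet0/1_in in
!
ip nat inside source static tcp 10.4.167.102 80 interface FastEthernet0/1 80
ip nat inside source static tcp 10.4.167.100 3389 203.0.113.10 3389 extendable
ip nat inside source static tcp 10.4.167.102 25 interface FastEthernet0/1 25
ip access-list extended sdm_fastethernet0/1_in
permit tcp any host 203.0.113.10 eq www
permit tcp any host 203.0.113.10 eq 3389
permit tcp any any
"""
PORTS = {"www": 80, "smtp": 25, "pop3": 110}  # port keywords seen in the thread
NAT = re.compile(r"ip nat inside source static tcp (\S+) (\d+) (?:interface )?(\S+) (\d+)")
ACE = re.compile(r"(permit|deny) tcp any (?:host (\S+)|any)(?: eq (\S+))?$")

def audit(config):
    """Return (inside_host, outside_port, interface, verdict) per static TCP forward."""
    addr, in_acl, acls, fwds, ctx = {}, {}, {}, [], ("", "")
    for line in map(str.strip, config.splitlines()):
        if m := NAT.match(line):
            fwds.append((m[1], m[3], int(m[4])))
        elif line.startswith("interface "):
            ctx = ("if", line.split()[1])
        elif line.startswith("ip access-list extended "):
            ctx = ("acl", line.split()[3])
        elif ctx[0] == "if" and (m := re.match(r"ip address (\S+) ", line)):
            addr[ctx[1]] = m[1]
        elif ctx[0] == "if" and (m := re.match(r"ip access-group (\S+) in$", line)):
            in_acl[ctx[1]] = m[1]
        elif ctx[0] == "acl" and (m := ACE.match(line)):
            port = PORTS.get(m[3], int(m[3]) if (m[3] or "").isdigit() else m[3])
            acls.setdefault(ctx[1], []).append((m[1], m[2], port, line))
    by_addr, report = {a: i for i, a in addr.items()}, []
    for host, target, oport in fwds:
        ifname = by_addr.get(target, target)  # accept interface or address form
        verdict = "implicit deny" if ifname in in_acl else "no inbound ACL applied"
        for action, dst, port, text in acls.get(in_acl.get(ifname), []):
            if dst in (None, addr.get(ifname)) and port in (None, oport):  # first match wins
                blanket = "BLANKET " if dst is None and port is None else ""
                verdict = f"{action} via {blanket}'{text}'"
                break
        report.append((host, oport, ifname, verdict))
    return report
```

Only TCP entries with source `any` are parsed, matching the entries in the posted ACLs; other ACL syntax is ignored rather than evaluated.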