How to Port Forward RDP on Cisco using Telstra LTE

mpalmer22 · ‎05-21-2019

Hi, this might seem a bit basic, but I'm trying to RDP to a server which is sitting behind a Cisco 2911 which uses 4G LTE (yes I know its insecure, but its just for testing), and I can't seem to make this work.

Internal RDP works fine when my laptop is on the same switch, but over the internet doesn't work. Using a Port scanner on the external IP (which is dynamic) shows the port is closed?

The Cisco has the following Setup

================================================

interface GigabitEthernet0/0
ip address 10.90.119.161 255.255.255.224
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled

interface Cellular0/1/0
ip address negotiated
encapsulation slip
dialer in-band
dialer pool-member 1
dialer-group 1
async mode interactive
routing dynamic

interface Dialer1
ip address negotiated
ip nat outside
encapsulation slip
dialer pool 1
dialer idle-timeout 0
dialer string lte
dialer persistent
dialer-group 1

ip nat inside source list 1 interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0 dialer 1

ip access-list extended outbound_nat
permit ip 10.90.119.160 0.0.0.31 any

dialer-list 1 protocol ip permit

access-list 1 permit 10.90.119.160 0.0.0.31

ip nat inside source static tcp 10.90.119.162 3389 interface dialer1 3389

================================================

Cellular 0/1/0 - Profile
Profile 1 = ACTIVE
PDP Type = IPv4
PDP address = 10.107.93.18
APN = telstra.internet
IP Address: 10.107.93.18
Primary DNS Address: 10.5.68.232
Secondary DNS Address: 10.5.195.164

================================================

johnd2310 · ‎05-21-2019

Hi,

What is your public address? It seems your LTE address is a private address and your provider is doing NAT as well. You might not have much luck with your type of network unless your provider can do port forwarding for you.

Thanks

John

**Please rate posts you find helpful**

mpalmer22 · ‎05-21-2019

Currently "whatsmyip" is showing 1.127.104.241
this doesn't look like a private address, tried running a tracert and it goes through
"Bundle-Ether14.wel-edge901.perth.telstra.net (139.130.16.49)" and about five more of these in each state before hitting the website.

Profile information has changed since I posted
==============================
Telstra APN is telstra.internet
PDP Address is 10.107.179.179

johnd2310 · ‎05-21-2019

What is the WAN\LTE ip address? Can you run "show ip interface brief" and "show ip route" on the router

Thanks

John

**Please rate posts you find helpful**

mpalmer22 · ‎05-22-2019

Sure
The "show ip interface brief" includes the Dialer1 Interface which has the public IP Address
Dialer1 10.107.179.179 IPCP UP

"Show IP Route" displays
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
0.0.0.0/0 is directly connected to Dialer1
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
10.90.119.160/27 is directly connected, GigabitEthernet0/0
10.90.119.161/32 is directly connected, GigabitEthernet0/0
10.107.179.179/32 is directly connected, Dialer1

Giuseppe Larosa · ‎05-22-2019

Hello mpalmer22,

your dialer1 interface has a private IP address as noted before by John

>> Dialer1 10.107.179.179 IPCP UP ! this is part of 10.0.0.0/8 in RFC 1918

Telstra is performing a successive NAT inside its network.

This is usual practice for big mobile providers. They have so many customers they cannot allocate public IPv4 addresses directly to end users.

I agree with the previous analysis made by John: you have not complete control because traffic is Natted two times: by your router and by the provider inside his network.

Hope to help

Giuseppe

johnd2310 · ‎05-22-2019

Hi,

"10.107.179.179/32 is directly connected, Dialer1"

Your WAN/Outside interface is using a private address. You are probably connecting to a private APN and your provider is natting your Internet traffic. You will have to talk to your provider if you want to allow connections from the Internet.

Thanks

John

**Please rate posts you find helpful**