Hello to all,
I want to map port 3389 from my WAN interface to a LAN host, but i only want that a unique IP can connect with this device; this is the configuration that i was made:
imagine that 2.2.2.2 is the public IP of the machine that i want to acces to my LAN.
the LAN IP address is 1.1.1.1 and the public IP of my LAN is 10.10.10.10. ok first i have to configure the static NAT:
ip nat inside source static tcp 1.1.1.1 3389 10.10.10.10 3389 extendable
and then i have created and ACL and apply it to my WAN interface, in this case dialer 0;
access-list 101 permit tcp host 2,2,2,2 eq 3389 any eq 3389
access-list 101 deny tcp any eq 3389 any eq 3389
access-list 101 permit ip any any
once the access-list is generated i have applied it in, dialer 0 interface IN:
ip access-group 101 in
but i still can connect to my LAN from any IP what's wrong?
thanks in advance
regards
