03-14-2007 12:42 AM - edited 03-03-2019 04:09 PM
Hi,
I am having issues passing RDP or port 3389 traffic through the 837 router.
I have the following setup
ISP---837---Switch---Multiple firewalls
The 837 is assigned a static public ip address on dialer 1 by the ISP.
There is a static IP address assigned to ethernet0.
The IP address on ethernet0 is part of a block of 32 public IP addresses.
I'd like the router to pass all traffic and not block any ports.
I have several firewalls on the inside of the router with public ip addresses with ports forwarded to private LAN servers.
E.g FW1 port forward http and ft
FW2 port forwards smtp and pop3
etc
I have two firewalls forwarding RDP port 3389.
When I am on the inside of the router I can get through the firewalls and use RDP. So this is not a firewall issue.
I believe it's a router issue (maybe access lists).
I have also tested with an XP PC and assigned a public IP address. From inside the router all OK, but if I am on a remote network outside the router I cannot RDP to any hosts.
Again, all other ports we use are working (http, pop3, smtp, ftp etc.)
This is a copy of the Router config. Your assistance is appreciated.
Building configuration...
Current configuration : 2338 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname xxxxx
!
memory-size iomem 15
logging queue-limit 100
logging buffered 51200 debugging
logging console critical
enable secret xxx
!
clock timezone PCTimeZone 10
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
ip domain name 111.net.au
ip name-server xxxxxxxxxxx
ip name-server xxxxxxxxxxx
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
description $FW_INSIDE$$ETH-LAN$
ip address x.x.x.33 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ip tcp adjust-mss 1452
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Dialer0
description $FW_INSIDE$
ip address dhcp client-id Ethernet0
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxxxxxxxxxx
!
interface Dialer1
no ip address
encapsulation ppp
no cdp enable
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
ip route x.x.x.32 255.255.255.224 Ethernet0 permanent
ip http server
ip http authentication local
ip http secure-server
!
logging trap debugging
dialer-list 1 protocol ip permit
no cdp run
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
stopbits 1
line aux 0
login local
transport output telnet
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
!
end
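The post suspects access lists, and one way to check that against a running-config is to list every interface-level filtering command and every ACL definition it contains. The following is an added example, not part of the original post or of any Cisco tool; `find_filters` and `SAMPLE_CONFIG` are hypothetical names, and the sample is a constructed excerpt modelled on the configuration above.

```python
import re

# Constructed excerpt modelled on the posted config (addresses masked as in the post).
SAMPLE_CONFIG = """\
ip audit notify log
!
interface Ethernet0
 ip address x.x.x.33 255.255.255.224
 ip tcp adjust-mss 1452
!
interface ATM0.1 point-to-point
 pvc 8/35
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip address dhcp client-id Ethernet0
 dialer-group 1
!
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
dialer-list 1 protocol ip permit
"""

# Interface sub-commands that can drop or rewrite transit traffic.
FILTERS = re.compile(r"^(ip access-group|ip inspect|ip nat (inside|outside)|ip audit) ")
# Global commands that define filter rules.
GLOBAL_ACL = re.compile(r"^(access-list \d+|ip access-list (standard|extended)) ")

def find_filters(config):
    """Return (filter commands per interface, global ACL definitions).

    Assumption: each interface section ends at a "!" line, so the parser
    also works on dumps whose indentation was lost when pasted.
    """
    per_iface, global_acls, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split()[1]
            per_iface[current] = []
        elif line == "!" or not line:
            current = None
        elif current and FILTERS.match(line + " "):
            per_iface[current].append(line)
        elif current is None and GLOBAL_ACL.match(line + " "):
            global_acls.append(line)
    return per_iface, global_acls

if __name__ == "__main__":
    ifaces, acls = find_filters(SAMPLE_CONFIG)
    for name, cmds in ifaces.items():
        print(f"{name}: {cmds or 'no filtering commands'}")
    print("ACL definitions:", acls or "none")
```

On the constructed excerpt it reports no filtering commands on any interface and no ACL definitions; the global `ip audit notify log` line is not counted because it is not applied to an interface.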
03-15-2007 06:44 AM
Hi,
The problem could be related to the MTU size since you're using 1452 for the LAN and 1500 (default) for the WAN (Dialer). Please put the following configuration:
interface Ethernet0
ip tcp adjust-mss 1360
!
interface Dialer0
ip mtu 1492
!
Hope it helps!
Regards,
Juan
08-08-2007 04:10 AM
Try this:
interface Ethernet0
ip unreachables
no ip route-cache (for IPSec process switching)
interface ATM0
ip unreachables
no ip route-cache
--
Zhenya.Iosiphov
Cisco Engineer