Troubleshooting NAT - not allowing RDP session

aducey01
Level 1

I'm using a 2601 router and it's not letting me RDP to my desktop.

ip nat inside source list natpool interface FastEthernet0/0 overload

ip nat inside source static tcp 10.22.22.24 3389 176.x.x.x 3389 extendable

ip access-list extended natpool

deny   ip 10.22.22.0 0.0.0.255 10.0.0.0 0.255.255.255

deny   ip 10.22.22.0 0.0.0.255 136.200.0.0 0.0.255.255

permit ip any any

R1#show ip nat translations

Pro Inside global         Inside local          Outside local         Outside global

tcp 176.x.x.x:3389   10.22.22.24:3389      ---                   ---

thanks!

mfurnival
Level 4

Hi,

Initiate an RDP connection to the outside interface address and do a "debug ip nat" and post the results here.

Looks like NAT's working, no?

Jul 18 12:10:20.033: NAT: expiring 176.x.x.x (10.22.22.100) udp 46749 (46749)

*Jul 18 12:10:20.073: NAT*: s=136.200.176.191, d=176.x.x.x->10.22.22.24 [32284]

*Jul 18 12:10:20.489: NAT: s=10.22.22.100->176.x.x.x, d=66.60.130.2 [39379]

*Jul 18 12:10:20.505: NAT: s=66.60.130.2, d=176.x.x.x->10.22.22.100 [0]

*Jul 18 12:10:21.057: NAT: expiring 176.x.x.x (10.22.22.100) udp 56994 (56994)

Hi,

Have you got any ACL on the inside interface or some IOS firewall configuration that could block the return traffic?

Have you tested from inside that the RDP port is accessible first? If yes, then can you post your sanitized config?

Regards

Alain

Don't forget to rate helpful posts.

I can RDP in the other direction...

Hi,

What do you mean by that? You can RDP to an outside device from inside? But that doesn't mean that TCP sourced from port 3389 is permitted from inside; it means that TCP to dst port 3389 is not denied.

Regards

Alain

Don't forget to rate helpful posts.

Sorry guys... this was a case of Kaspersky blocking RDP... fixed now, thanks!
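
The debug output posted in this thread shows an inbound translation to 10.22.22.24 but no translated packet coming back from it, which is what a host firewall dropping RDP looks like from the router. The following is an added example, not part of any post above: a small Python parser (the function name `one_way_hosts` is my own) that flags inside hosts with inbound-only translations in a `debug ip nat` capture, run here on the lines copied from the thread.

```python
import re

# Packet lines of "debug ip nat" look like:
#   NAT*: s=136.200.176.191, d=176.x.x.x->10.22.22.24 [32284]
# "a->b" marks the rewritten field. Addresses may be redacted (176.x.x.x),
# so match word characters and dots instead of strict dotted quads.
ADDR = r"[\w.]+"
LINE = re.compile(
    rf"NAT\*?: s=(?P<s>{ADDR})(?:->(?P<s_new>{ADDR}))?, "
    rf"d=(?P<d>{ADDR})(?:->(?P<d_new>{ADDR}))? \[\d+\]"
)

def one_way_hosts(debug_text):
    """Return inside hosts that receive translated inbound packets but never
    show up as the source of a translated outbound packet in the capture."""
    inbound, outbound = set(), set()
    for line in debug_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. "NAT: expiring ..." lines carry no packet info
        if m["d_new"]:          # destination rewritten: outside -> inside
            inbound.add(m["d_new"])
        if m["s_new"]:          # source rewritten: inside -> outside
            outbound.add(m["s"])
    return sorted(inbound - outbound)

# Debug lines as posted in the thread (addresses redacted by the poster).
SAMPLE = """\
Jul 18 12:10:20.033: NAT: expiring 176.x.x.x (10.22.22.100) udp 46749 (46749)
*Jul 18 12:10:20.073: NAT*: s=136.200.176.191, d=176.x.x.x->10.22.22.24 [32284]
*Jul 18 12:10:20.489: NAT: s=10.22.22.100->176.x.x.x, d=66.60.130.2 [39379]
*Jul 18 12:10:20.505: NAT: s=66.60.130.2, d=176.x.x.x->10.22.22.100 [0]
*Jul 18 12:10:21.057: NAT: expiring 176.x.x.x (10.22.22.100) udp 56994 (56994)
"""

if __name__ == "__main__":
    for host in one_way_hosts(SAMPLE):
        print(f"{host}: inbound translated, no reply seen from this host")
```

A host reported here is only a pointer: a short capture can miss replies, so the next check is the host itself (local firewall or endpoint security product, and whether the service answers from inside).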