
RV016 Firewall

Andrew Griggs

I'm having a little trouble getting the firewall features on the RV016 set up properly. I've got four WANs running and a single (the default) VLAN. I'm trying to restrict RDP access for SERVER1 to a specific range of IP addresses over WAN1, and RDP access for SERVER2 to a specific range of IP addresses over WAN2. I've set up the access rule, but it doesn't make any difference; RDP doesn't work. Even if I set the access rule to allow any IP on any WAN to RDP, it still doesn't work.

If I go up to the forwarding section, I can forward all RDP over to SERVER1, but I can't restrict what range of IPs go to it, and then of course I can't get into SERVER2.

Am I missing something in the Access Rules?


Ismael Arroyo

Andrew,

 

From my understanding, you have 2 servers that need multiple RDP instances on them. Currently this router has a limitation, as it's not able to do port translations. PAT would allow for multiple different external ports (such as 3389, 3390) to internal port 3389 on both servers. If your network allows, one-to-one NAT could really help with your situation.

 

The one-to-one NAT functionality will open all ports and anyone can get to the servers. So to fix this issue you would create permit and deny statements.

First permit/allow source IP and dest IP (servers), service 3389. Following the permit statements for both servers, you would create a deny any rule. I know I have not been as detailed; let me know if this helps you.

Kind regards,

 

Hi iarroyo,

I've tried this, but I only have the one static IP address for each WAN. When I try to set up the one-to-one NAT, it won't allow me to use the IP address because it is taken by the router. Do you have any other suggestions?

Andrew,

 

The one-to-one NAT is our last option on this router. It will only work with a range of public IP addresses, which goes for all small business routers. Apologies for the inconvenience. An RV130 will accomplish the port forwarding you are trying to do with RDP. Though I suggest this, as the ISP would charge for those extra public IPs for the one-to-one NAT.

 

Hi Andrew,

My name is Mehdi from Cisco Technical Support.

Please follow these steps:

1. Remove the port forwarding which you created for the two servers, and also any access rules related to RDP, if you have any

2. Please go to Setup --> UPnP --> Service management // Please don't enable UPnP

3. You will have a window with:

    Service name : Server 1

    Protocol : TCP

    External port : example 3434 for server 1

    Internal Port : 3389 (Internal port)

4. Click Add to List

5. Do the same for server 2, but with a different external port, for example 3435; the internal port should be the same, 3389

6. Again click on Add to List

7. Click OK

Now, on the same page, please select your new service for server 1 from the dropdown menu, put in the internal IP address of server 1 and enable it, and do the same for server 2

8. By now we should have access to the servers using RDP. To access them: public IP : external port

9. Once we have done this, we need to configure the restriction using Access Rules under Firewall

10. Please add a new rule :

     Action : Allow

     Service : Any

     Source interface : WAN1

     Source IP : Range of the public IPs which are accessing from (RDP clients)

     Destination : Internal IP of server 1

11. Click Save

12. Create another rule for server two

      Action : Allow

      Service : Any

      Source interface : WAN2

      Source IP : Range of the public IPs which are accessing from (RDP clients)

      Destination : Internal IP of server 2

13. Deny rule for the rest of the IP to server 1

      Action : Deny

      Service : Any

      Source interface : ANY

      Source IP : Any

      Destination : Internal IP of server 1

 

 

14. Deny rule for the rest of the IP to server 2

      Action : Deny

      Service : Any

      Source interface : ANY

      Source IP : Any

      Destination : Internal IP of server 1

 

Please test these steps and let us know

Please rate this post or mark as answered to help other Cisco Customers

Regards

Mehdi
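
The allow-then-deny layout from the steps above can be checked offline before it is typed into the router. The following is an added example, not part of any reply in this thread and not Cisco code. It assumes that access rules are evaluated top-down with the first match winning, and that forwarded traffic matching no rule is let through (consistent with step 8 working before any rule exists); all addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (RFC 5737 / RFC 1918), not taken from the thread.
SERVER1, SERVER2 = "192.168.1.10", "192.168.1.11"
FORWARDS = {3434: SERVER1, 3435: SERVER2}  # external port -> host (internal port 3389)

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    iface: str   # "WAN1", "WAN2" or "ANY"
    src: str     # CIDR range, or "any"
    dst: str     # internal IP of the server

RULES = [
    Rule("allow", "WAN1", "198.51.100.0/28", SERVER1),
    Rule("allow", "WAN2", "203.0.113.0/28", SERVER2),
    Rule("deny", "ANY", "any", SERVER1),
    Rule("deny", "ANY", "any", SERVER2),
]

def matches(rule, iface, src_ip, dst):
    if rule.dst != dst or rule.iface not in ("ANY", iface):
        return False
    if rule.src == "any":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)

def decide(rules, iface, src_ip, ext_port):
    """Verdict for a connection arriving on iface at public-IP:ext_port."""
    dst = FORWARDS.get(ext_port)
    if dst is None:
        return "deny"  # no forwarding entry, so nothing is reachable
    for rule in rules:  # assumption: first matching rule wins
        if matches(rule, iface, src_ip, dst):
            return rule.action
    return "allow"  # assumption: forwarded traffic with no matching rule passes

def uncovered_servers(rules):
    """Forwarded servers that have no catch-all deny rule behind their allows."""
    denied = {r.dst for r in rules
              if (r.action, r.iface, r.src) == ("deny", "ANY", "any")}
    return sorted(set(FORWARDS.values()) - denied)

if __name__ == "__main__":
    print(decide(RULES, "WAN1", "198.51.100.5", 3434))
    print(decide(RULES, "WAN1", "192.0.2.9", 3434))
    print(uncovered_servers(RULES[:3]))
```

Running `uncovered_servers` against the rule list as entered shows any forwarded server that is still reachable from every source because its catch-all deny is missing or points at the wrong destination.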
