12-21-2008 07:45 AM - edited 03-06-2019 03:05 AM
Hey All,
I am trying allow Remote Desktop Access through my 1711 router thats using PPPOE. I have configured the following line in my config
ip nat source static udp 10.1.20.2 3389 interface dialer 1 3389
but I cant RDP to the computer on my network with the IP of 10.1.20.2. I need to make this computer accessible from the internet via RDP but at the same time allow other computers access to the internet. Here is a copy of my config as well. Is it because I am missing an access-list??
Current configuration : 1790 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco_1711
!
boot-start-marker
boot-end-marker
!
enable password 7 052D1400265F1B5F4E5D
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
!
ip dhcp pool Data_Vlan_20
network 10.1.20.0 255.255.255.0
default-router 10.1.20.1
!
!
ip domain name home.com
!
!
!
!
username xxxxxxxxx password 7 xxxxxxxxxx
!
!
!
!
!
!
interface FastEthernet0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 30
!
interface FastEthernet3
!
interface FastEthernet4
switchport access vlan 20
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 10.1.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1380
!
interface Vlan30
ip address 192.168.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1380
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp pap sent-username xxxxxxx password 7 xxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat source static udp 10.1.20.2 3389 interface Dialer1 3389
ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
!
ip access-list extended NAT_ADDRESSES
permit ip host 10.1.20.2 any
permit ip host 192.168.150.2 any
permit ip host 10.1.20.3 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input ssh
!
end
Solved! Go to Solution.
12-21-2008 10:45 PM
Greetings,
RDP uses tcp to establish the connection on port 3389, try changing your static nat statement to this:
ip nat source static tcp 10.1.20.2 3389 interface Dialer1 3389
Regards,
Sannie
12-21-2008 10:45 PM
Greetings,
RDP uses tcp to establish the connection on port 3389, try changing your static nat statement to this:
ip nat source static tcp 10.1.20.2 3389 interface Dialer1 3389
Regards,
Sannie
12-22-2008 05:44 PM
I added
ip nat source static tcp 10.1.20.2 3389 interface Dialer1 3389
but I still can not RDP to this computer over the internet. RDP works on the internal network so I know its not a windows issue. Is their a debug command I can run to see whats happening?
12-22-2008 09:48 PM
1-can you add the keyword: extendable at the end of the rdp nat and try again?
2-r you making rdp to the public IP or the private ip?
3-is there any firewall between rtr and PC?
12-24-2008 04:11 AM
I resolved the issue by excluding the IP address 10.1.20.2 from DHCP. It wasnt working because the PC was getting a dynamic IP. Anyway thanks for the help
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide