RDP via extended access-list

Krantor
Level 1

Hi guys,

I have a problem with an extended access-list. We want to connect to a PC which has RDP enabled. We also allow port 3389 tcp and udp. But we cannot get a connection. I see a SYN but no SYN/ACK.

 

Do I have some misconfiguration?

 

ip access-list extended ACL-VLAN380-OUTGOING
remark Ping
permit icmp any 172.31.0.0 0.0.255.255
remark DHCP
permit udp any host 172.31.25.132 eq bootps
remark RDP
permit tcp any 172.31.0.0 0.0.255.255 eq 3389
permit udp any 172.31.0.0 0.0.255.255 eq 3389
remark Implicit-Deny
deny ip any any log

 

Thanks

5 Replies

Julio E. Moisa
VIP Alumni

Hi

Is it applied for inbound traffic on the device?




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Richard Burts
Hall of Fame

Can we assume that this ACL is applied on interface vlan 380? And can we assume that the subnet on this interface is 172.31.0.0 255.255.0.0? And of course we need to know if this is applied inbound or outbound.

 

HTH

 

Rick

Krantor
Level 1

Hi all,

 

Yes, the ACL is bound to VLAN 380 inbound

 

(ip access-group ACL-VLAN380-OUTGOING in)

 

And the IP range of the VLAN is 172.31.38.0/24

 

Thanks

You have applied the acl in the wrong direction. 

 

Inbound means traffic coming from the 172.31.38.x devices, not traffic going to them.

 

Jon

Jon is correct that if the ACL is applied inbound then 172.31.38 should be the source address in the ACL. You have coded it as the destination.

 

HTH

 

Rick
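To make the direction problem Jon and Rick describe concrete, here is a small first-match evaluator for Cisco extended ACL syntax, added as an example for this thread (it is not code from the original post or from Cisco). It parses the ACL exactly as Krantor posted it and a second, assumed variant that puts the VLAN 380 hosts as the source with source port 3389, which is what an ACL applied "in" on the SVI actually sees. The client address 172.31.10.20, the PC address 172.31.38.10 and the ephemeral port 51000 are constructed sample values, not from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Constructed sample: the ACL exactly as posted in the thread.
POSTED_ACL = """
remark Ping
permit icmp any 172.31.0.0 0.0.255.255
remark DHCP
permit udp any host 172.31.25.132 eq bootps
remark RDP
permit tcp any 172.31.0.0 0.0.255.255 eq 3389
permit udp any 172.31.0.0 0.0.255.255 eq 3389
remark Implicit-Deny
deny ip any any log
"""

# Assumed variant for an ACL applied inbound on interface vlan 380: the
# 172.31.38.0/24 hosts are the SOURCE and 3389 is their SOURCE port, because
# the only RDP packets this inbound ACL sees are the PC's replies.
CORRECTED_ACL = """
remark RDP replies from the VLAN 380 hosts (source port 3389)
permit tcp 172.31.38.0 0.0.0.255 eq 3389 172.31.0.0 0.0.255.255
permit udp 172.31.38.0 0.0.0.255 eq 3389 172.31.0.0 0.0.255.255
deny ip any any log
"""

CLIENT = "172.31.10.20"   # constructed: RDP client elsewhere in 172.31.0.0/16
PC = "172.31.38.10"       # constructed: RDP server inside VLAN 380
PORT_NAMES = {"bootps": 67, "bootpc": 68}  # only the names this example needs


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass
class Rule:
    action: str
    proto: str
    src_net: int
    src_mask: int    # bits that must match (inverse of the Cisco wildcard)
    sport: Optional[int]
    dst_net: int
    dst_mask: int
    dport: Optional[int]
    text: str


def _parse_addr(tokens: List[str], i: int) -> Tuple[int, int, int]:
    """Parse 'any', 'host A' or 'A WILDCARD' at tokens[i]; return (net, mask, next_i)."""
    if tokens[i] == "any":
        return 0, 0, i + 1
    if tokens[i] == "host":
        return int(ipaddress.IPv4Address(tokens[i + 1])), 0xFFFFFFFF, i + 2
    net = int(ipaddress.IPv4Address(tokens[i]))
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(tokens[i + 1]))
    return net & mask, mask, i + 2


def _parse_port(tokens: List[str], i: int) -> Tuple[Optional[int], int]:
    """Parse an optional 'eq PORT' at tokens[i]; return (port or None, next_i)."""
    if i < len(tokens) and tokens[i] == "eq":
        tok = tokens[i + 1]
        return (int(tok) if tok.isdigit() else PORT_NAMES[tok]), i + 2
    return None, i


def parse_acl(text: str) -> List[Rule]:
    """Parse permit/deny lines; remarks and trailing keywords like 'log' are ignored."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "remark":
            continue
        action, proto = tokens[0], tokens[1]
        src_net, src_mask, i = _parse_addr(tokens, 2)
        sport, i = _parse_port(tokens, i)
        dst_net, dst_mask, i = _parse_addr(tokens, i)
        dport, i = _parse_port(tokens, i)
        rules.append(Rule(action, proto, src_net, src_mask, sport,
                          dst_net, dst_mask, dport, line.strip()))
    return rules


def _match(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    if int(ipaddress.IPv4Address(pkt.src)) & rule.src_mask != rule.src_net:
        return False
    if int(ipaddress.IPv4Address(pkt.dst)) & rule.dst_mask != rule.dst_net:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching line wins, as on IOS; nothing matching is the implicit deny."""
    for rule in rules:
        if _match(rule, pkt):
            return rule.action, rule.text
    return "deny", "implicit deny"


def direction_check(acl_text: str) -> Tuple[str, str]:
    """Return (action for the client's SYN, action for the PC's SYN/ACK)."""
    rules = parse_acl(acl_text)
    syn = Packet("tcp", CLIENT, PC, 51000, 3389)     # client -> PC, never seen inbound on vlan 380
    synack = Packet("tcp", PC, CLIENT, 3389, 51000)  # PC -> client, the packet the inbound ACL filters
    return evaluate(rules, syn)[0], evaluate(rules, synack)[0]


if __name__ == "__main__":
    print("posted ACL   (SYN, SYN/ACK):", direction_check(POSTED_ACL))     # ('permit', 'deny')
    print("corrected ACL (SYN, SYN/ACK):", direction_check(CORRECTED_ACL))  # ('deny', 'permit')
```

The posted ACL permits the SYN, which is why it looks right when read as "traffic to the PC", but the inbound ACL on vlan 380 never evaluates that SYN; it evaluates the PC's SYN/ACK, whose destination port is the client's ephemeral port, so the `eq 3389` line does not match and `deny ip any any log` drops it. That is exactly the "SYN but no SYN/ACK" symptom. With the VLAN hosts as source and `eq 3389` on the source side, the reply is permitted.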