fail to rdp from outside

Hey guys,

I want to access one of the servers (172.19.100.17) using RDP.

I have already configured the PIX 501, but I was not able to get RDP to work.

Could you all spot the problem in my config?

Below is my config:

Building configuration...
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password 3leFmTa3rJEpFu3l encrypted
passwd 3leFmTa3rJEpFu3l encrypted
hostname IST
domain-name IST.COM
clock timezone MYT 8
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
object-group service rdp tcp
  port-object range 3389 3390
access-list inside_access_in permit tcp any any eq domain
access-list inside_access_in permit udp any any eq domain
access-list inside_access_in permit icmp any any
access-list outside_access_in permit tcp any host 203.x.x.30 object-group rdp
access-list inside_outbound_nat0_acl permit ip any 172.19.100.96 255.255.255.240
access-list outside_cryptomap_dyn_20 permit ip any 172.19.100.96 255.255.255.240
pager lines 24
logging on
logging timestamp
logging trap warnings
logging facility 22
logging device-id string pixfirewall
logging host inside Linux_File_Srv
icmp permit host necare outside
icmp permit host 172.19.100.101 outside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 203.x.x.30 255.255.255.248
ip address inside 172.19.100.20 255.0.0.0
no ip address intf2
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool klccippool 172.19.100.101-172.19.100.105
pdm logging warnings 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.x.x.28 Linux_File_Srv netmask 255.255.255.255 0 0
static (inside,outside) 203.x.x.29 Database_Srv netmask 255.255.255.255 0 0
static (inside,outside) 203.x.x.30 172.19.100.17 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 203.x.x.25 1
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup abc address-pool klccippool
vpngroup abc dns-server 203.x.x.25 203.x.x.24
vpngroup abc idle-time 1800
vpngroup abc password ********
ssh timeout 20
console timeout 0
username necsg password jt43jBARiBYEfoN7 encrypted privilege 15
username necare password BkPn6VQ0VwTy7MY7 encrypted privilege 15
terminal width 80
Cryptochecksum:16907b7aa99b9f619f4986a59a5bd693
: end
[OK]

1 Reply

Hey all,

I already managed to sort out the problem. I reconfigured the ACL and now it works fine.