05-22-2012 05:21 AM
I have the following network topology:
PC1 <=> Switches L2 <=> Switch L2/L3 <=> PIX <=> Router <=> INTERNET <=> ADSL Modem/Router <=> PC2
I want to make an RDP connection from PC2 to PC1.
The PC1 has a private static IP Address (10.10.10.10).
TeamViewer is not an option for my implementation.
According to a Cisco document, I found the proposed solution below:
1) Configure an access-list on the PIX
access-list Outside_access_In permit tcp any host 197.197.197.197 eq 3389
2) Apply the access-list
access-group Outside_access_In in interface outside
3) Configure the static NAT
static (inside,outside) 197.197.197.197 10.10.10.10 netmask 255.255.255.255
Is this configuration recommended, given that (with any) I allow the whole Internet address space to access the RDP service?
If in the future there is a need to add an additional private IP address for access via RDP, how would it be possible to change my configuration above, as I don't want to waste all my public IP addresses?
05-22-2012 08:56 AM
Hi Kostas,
Your config looks fine to me and you should not have any problem accessing your internal device @10.10.10.10.
However, you can also translate a specific port, rather than doing an IP-to-IP translation.
static (inside,outside) tcp 197.197.197.197 3389 10.10.10.10 3389 netmask 255.255.255.255
"If in the future there is a need to add an additional private IP address for access via RDP, how would it be possible to change my configuration above, as I don't want to waste all my public IP addresses?"
To address your question above: just as your ACL says allow port "3389", you could likewise allow a different port (80, 443, or whatever port) and create a static NAT to a different IP (i.e. private IP) for a different port of interest on the same public address, so you are not wasting public addresses.
I hope this answers your question.
Please rate helpful post.
thanks
Rizwan Rafeek
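The port-based static NAT described in the reply above, written out for two internal hosts sharing the one public address, as an added example that is not part of the original thread. The second host 10.10.10.11, the public port 3390 and the source address 203.0.113.25 are assumptions for illustration; the syntax follows the PIX commands already shown in the thread, with the ACL naming one source host where the original used any.

```cisco
! Added example, not from the original posts.
! Assumed values: 10.10.10.11 (second inside host), 3390 (second public port),
! 203.0.113.25 (public address PC2 connects from; documentation-range placeholder).

! Remove the one-to-one static first: it maps every port on the public
! address to 10.10.10.10 and conflicts with the port-level entries below.
no static (inside,outside) 197.197.197.197 10.10.10.10 netmask 255.255.255.255
clear xlate

! Replace the broad "any" entry from the original post.
no access-list Outside_access_In permit tcp any host 197.197.197.197 eq 3389

! Permit RDP only from the known remote address. On the PIX the ACL
! matches the public (translated) address and the public port.
access-list Outside_access_In permit tcp host 203.0.113.25 host 197.197.197.197 eq 3389
access-list Outside_access_In permit tcp host 203.0.113.25 host 197.197.197.197 eq 3390
access-group Outside_access_In in interface outside

! Public port 3389 -> first inside host, RDP on 3389
static (inside,outside) tcp 197.197.197.197 3389 10.10.10.10 3389 netmask 255.255.255.255
! Public port 3390 -> second inside host, still RDP on 3389 internally
static (inside,outside) tcp 197.197.197.197 3390 10.10.10.11 3389 netmask 255.255.255.255
```

With this in place the remote client connects to 197.197.197.197:3389 for the first host and 197.197.197.197:3390 for the second, and every other port on the public address stays closed.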
05-22-2012 07:35 PM
Please rate helpful post.
thanks