cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3939
Views
0
Helpful
8
Replies

RV120W RDP Set Up Help

Dansoccer9
Level 1
Level 1

I just installed a Cisco RV120W to replace a Netgear FVS318G firewall/router that kept disconnecting.  I am not a network engineer (far from it) but I did have enough sense to copy the settings from the old firewall.  We have a server that we access remotely, but I cannot get the remote access to work on the new Cisco router.  I have created a custom RDP service as I saw on an existing post, but I cannot get to the server remotely (I do have a "TO" address on both forms below.  Any suggestions?

Add / Edit Port Forwarding Configuration
Service:
Action:
Select Schedule:
Source Users:
From:
To:
Destination IP:
Forward to Port:
Port Number:(Range: 0 - 65535)
Log:


IPv4 Firewall Rules
Add / Edit Firewall Rule Configuration
From Zone:
To Zone:
Service:
Action:
Select Schedule:
Source Hosts:
From:
To:
Destination Hosts:
From:
To:
Log:
SNAT IP Type:
SNAT IP:
QoS Priority:
Send to Local Server (DNAT IP):
Port Forwarding:
Enable
Translate Port Number (DNAT Port):(Range: 0 - 65535)
Internet Destination:
Internet Destination IP:

8 Replies 8

klambert1218
Level 1
Level 1

Dan,

In theIPv4 Firewall RulesAdd / Edit Firewall Rule Configuration, I would look at the Actions section and change it from Always Block to Allow (as long as you have your To and From zones selected as being Trusted (LAN). In the Add / Edit Port Forwarding Configuration section, choose the RDP service you created. Make sure you choose not to always block that one, either. Select appropriate source users because if you don't, you will be allowing anyone to RDP to the server.

I still cannot get the RDP working and I am sure it is a simple fix, but darned if I can figure it out.  Here are the settings I have changed according to the way they were set up on the previous firewall.
Any help would be appreciated!
IPv4 Firewall Rules
Add / Edit Firewall Rule Configuration
From Zone:
To Zone:
Service:
Action:
Select Schedule:
Source Hosts:
From:
To:
Destination Hosts:
From:
To:
Log:
SNAT IP Type:
SNAT IP:
QoS Priority:
Send to Local Server (DNAT IP):
Port Forwarding:
Enable
Translate Port Number (DNAT Port):(Range: 0 - 65535)
Internet Destination:
Internet Destination IP:
Port Forwarding
Add / Edit Port Forwarding Configuration
Service:
Action:
Select Schedule:
Source Users:
From:
To:
Destination IP:
Forward to Port:
Port Number:(Range: 0 - 65535)
Log:
Custom Services
Add / Edit Custom Services Configuration
Name:
Type:
ICMP Type:
Start Port:(Range: 0 - 65535)
Finish Port:

(Range: 0 - 65535)

LAN Configuration
LAN Configuration
IP Address:
Subnet Mask:
DHCP
DHCP Mode:
Domain Name:
Starting IP Address:
Ending IP Address:
Primary DNS Server (Optional):
Secondary DNS Server (Optional):
Lease Time:Hours (Range: 1 - 262800, Default: 24)
Relay Gateway:
LAN Proxy
DNS Proxy:
Enable

See previous post

Dan,

Are your source IPs 192.168.1.x and your destination IP 12.x.x.x.? If so, NAT will have to be implemented since 192.168.1.x are reserved for private IPs and private IPs cannot connect to "public" IPs without using NAT. I noticed the line in your configuration that read:

Send to Local Server (DNAT IP):

What device does this IP belong to? Are you currently utilizing NAT on this device?

Can you provide some sort of network topology that can assist in the troubleshooting? It will be helpful to know how the devices all interconnect and what IPs (edited, of course) they have.

What IPs can you ping, if any?

The network is configured as follows:

We are using a T1 modem that connects to the Cisco RV120W.  Attached to the Cisco router is a local hub and a server (IP: 192.168.1.40).  We have two users that connect remotely to that server.  The 12.aaa.aaa.aaa IP address is the external address that should forward to our server.  I do not know what NAT is, but it is probably erroneously set up.

So the users that connect remotely to that server, are they located on the local hub? Can they successfully connect to the 192.168.1.40? By the way, you might want to think about replacing the hub with a little switch to eliminate collisions.

Okay, so the 12.aaa.aaa.aaa is trying to hit the 192.168.1.40, and it will be coming from the T1, correct?

NAT is Network Address Translation. What it does, for example, is take an "inside" address (something like your 192.168.1.x subnet) and allows it to be "converted" to an "outside" IP (something like your 12.aaa.aaa.aaa). It can also work in the reverse, too. If you are needing the 12.aaa.aaa.aaa to be able to hit the 192.168.1.40, then you may want to see if you can take that one 12.aaa.aaa.aaa address and NAT it to one of your available 192.168.1.x addresses.

If your problem is with your local users not being able to hit the server, then NAT won't be the fix for it. Essentially you would have to create a rule that says allow the two IPs that are supposed to hit the 1.40 server through the firewall only through port 3389 (RDP) and block all other attempts from those and any other users. Does that make sense?

The users that connect remotely are not on the local hub, they access the server through a remote desktop connection off premises.  So it sounds like I need to set up a NAT that will link the local server's IP address (192.168.1.40) to the outside IP address 12.aaa.aaa.aaa.  My computer is on the local hub and I can connect to the server on the local 192.168.x.x IP address, but if I try to get a remote desktop connection to the outside IP address 12.x.x.x I am unable to connect.

Where would I set up the NAP link?

BTW, thank you so much for putting up with my newbie questions.

Dan,

Please visit the following site to assist with setting up NAT on your RV120W: http://www.cisco.com/en/US/docs/routers/csbr/rv120w/administration/guide/rv120w_admin.pdf

This appears to be a great document that should be able to answer all of your questions.

No worries on the "newbies" part. We were all newbies at one time or another; besides, that's what these forums are for.

I hope the link I have provided will help you successfully set up NAT and that it solves your problems. Keep me in the know.