Hi,
I have configured a contract to operate between a couple of EPGs which is working as expected, however, I have a PC within one of the EPGs that I can access via RDP and I am not sure why. The source sits on our LAN and connects through a L3 Out into the ACI network.
The simplified diagram looks like below
The contract rules are below
| Rule | Ethertype | IP Protocol | Source / Range | Detination From | Destination to |
| 1 | IP | TCP | Unspecified | 61483 | 61483 |
| 2 | IP | TCP | Unspecified | 61484 | 61484 |
| 3 | IP | UDP | Unspecified | 123 | 123 |
| 4 | IP | TCP | Unspecified | 123 | 123 |
| 5 | IP | UDP | Unspecified | 323 | 323 |
| 6 | IP | TCP | Unspecified | 323 | 323 |
| 7 | IP | TCP | Unspecified | SSH | SSH |
| 8 | IP | TCP | Unspecified | 32768 | 61000 |
| 9 | IP | TCP | Unspecified | 5020 | 5020 |
The connection starts from 192.168.76.31 source port XXXX destination IP 192.168.129.209 destination port 3389. The destination port is not listed in the table above yet 3389 is allowed through. If I remove entry number 8 then RDP is denied but TCP 3389 is not listed here.
I presume that I'm missing something blatantly obvious here.
thanks for any help
Jon
1 Accepted Solution
Accepted Solutions
