PIX 506E Access List Problem

jbrunsting
Level 1

I have a server behind the firewall which, up until a couple of weeks ago, I was able to RDP into (it's a Windows server). Now suddenly I can't, though everything seems to be fine on the server side of things. I know the commands used are old here, but it was set up a while ago by someone else. Could someone confirm that this looks right to pass RDP (TCP port 3389) traffic through?

3 Replies

tstanik
Level 5

Although you have a conduit configured for RDP, a better approach is to use access lists. You can open port 3389 for RDP using an access list. The following link may help you:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807d287e.shtml

I'm far more familiar with access lists, myself, so I don't really know how these conduits work. But you're basically saying I could toss the conduit for RDP and just use an access list (which I've used for this before)? I just don't want to break anything. But if that's what you mean, then couldn't most of those conduits be done through access lists?

Hi, yes, please move away from conduit statements to ACLs.

Original Doc from Cisco...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_field_notice09186a00801d3621.shtml

Command reference on how to convert from conduits to ACLs...

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1026209

Hope it helps, pls rate posts!
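
The conduit-to-ACL conversion the replies recommend, as an added example that is not part of the original thread: a small Python helper that rewrites `conduit` lines as `access-list` entries, swapping the argument order (a conduit names the global address first and the foreign address second, while an access list names source first and destination second). The ACL name `outside_in`, the interface name `outside` and all addresses are assumptions constructed for illustration; the poster's actual configuration is not shown on the page.

```python
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> port args


def _take_addr(tokens):
    """Consume 'any', 'host <ip>' or '<ip> <mask>' from the front of tokens."""
    if tokens and tokens[0] == "any":
        return ["any"], tokens[1:]
    if len(tokens) < 2:
        raise ValueError("address expected")
    return tokens[:2], tokens[2:]


def _take_port(tokens):
    """Consume an optional '<operator> <port> [<port>]' clause."""
    if tokens and tokens[0] in PORT_OPS:
        n = 1 + PORT_OPS[tokens[0]]
        if len(tokens) < n:
            raise ValueError("port expected after " + tokens[0])
        return tokens[:n], tokens[n:]
    return [], tokens


def conduit_to_acl(line, acl_id="outside_in"):
    """Rewrite one conduit statement as the equivalent access-list entry."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: " + line)
    action, proto, rest = tokens[1], tokens[2], tokens[3:]
    g_addr, rest = _take_addr(rest)   # conduit: global (translated) address first
    g_port, rest = _take_port(rest)
    f_addr, rest = _take_addr(rest)   # then the foreign (outside) address
    f_port, rest = _take_port(rest)
    if rest:  # e.g. a trailing icmp_type, which this example does not handle
        raise ValueError("unsupported trailing tokens: " + " ".join(rest))
    # access-list order is source (foreign) first, destination (global) second
    return " ".join(["access-list", acl_id, action, proto] + f_addr + f_port + g_addr + g_port)


def convert_config(text, acl_id="outside_in", interface="outside"):
    """Convert every conduit line in a config and bind the ACL to the interface."""
    acl = [conduit_to_acl(l, acl_id) for l in text.splitlines() if l.strip().startswith("conduit ")]
    if acl:
        acl.append("access-group %s in interface %s" % (acl_id, interface))
    return acl


SAMPLE = """conduit permit tcp host 192.0.2.10 eq 3389 any
conduit permit tcp host 192.0.2.11 eq 3389 198.51.100.0 255.255.255.0"""  # constructed

if __name__ == "__main__":
    print("\n".join(convert_config(SAMPLE)))
```

The output is meant to be reviewed line by line before it is applied; an entry whose source is `any` on port 3389 is a good candidate for narrowing to known management addresses during the conversion.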
