Allowing RDP traffic

Unanswered Question
Aug 12th, 2008

I am using a Cisco PIX 515e with three interfaces: outside, inside, DMZ. I am providing VPN access via the PIX. The issue I am having is that when I connect to my network via VPN I cannot RDP to servers in my DMZ. I can RDP to servers on my internal network.

When I connect to the VPN I get an IP address of 192.168.10.x. My inside IP addresses are 192.168.1.x and my DMZ addresses are 192.168.5.x.

I created an ACL to allow traffic over port 3389 (RDP) from to (server in my DMZ). The ACL looks like:

access-list vpn_access_dmz permit tcp host host eq 3389

The issue is I am not sure which interface this access list should be applied to (inside, outside, DMZ?). Does anyone have an idea or can give me some pointers?

Thanks for any help!

acomiskey Tue, 08/12/2008 - 09:01

Don't worry about that access list, you shouldn't need it.

You most likely need to add nat exemption for the dmz hosts.

access-list DMZ_nat0_outbound extended permit ip

nat (DMZ) 0 access-list DMZ_nat0_outbound

kcgpassport Tue, 08/12/2008 - 09:48

Thanks for the help. In your access-list command, what is the 'extended' command for?

acomiskey Tue, 08/12/2008 - 10:00

Sorry, I had ASA on the brain; you don't need "extended".

access-list DMZ_nat0_outbound permit ip

nat (DMZ) 0 access-list DMZ_nat0_outbound
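As an added illustration, not from this thread or from Cisco, the Python model below checks whether a host's traffic toward the VPN pool matches a "nat (IFACE) 0 access-list" exemption, using the addressing from the question and the DMZ ACL name from the answer; the inside ACL name inside_nat0_outbound and both configs are assumed example data.

```python
import ipaddress

# Constructed model of a single PIX behaviour: does a host's traffic toward the VPN pool
# match a 'nat (IFACE) 0 access-list NAME' exemption? Interface ACLs, statics and sysopt
# are not modelled. Addressing is the question's (VPN 192.168.10.0/24, inside 192.168.1.0/24,
# DMZ 192.168.5.0/24); ACL names are assumed, following the answer. All data is example data.

def parse_acl_line(line):
    """Parse 'access-list NAME permit ip SRC MASK DST MASK' into (name, src_net, dst_net)."""
    parts = line.split()
    if len(parts) != 8 or parts[0] != "access-list" or parts[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line}")  # 'extended', 'host', port forms not modelled
    src = ipaddress.ip_network(f"{parts[4]}/{parts[5]}", strict=False)
    dst = ipaddress.ip_network(f"{parts[6]}/{parts[7]}", strict=False)
    return parts[1], src, dst

def parse_config(config):
    """Return {interface: [(src_net, dst_net), ...]} for each 'nat (IFACE) 0 access-list NAME'."""
    acls, nat0 = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("access-list "):
            name, src, dst = parse_acl_line(line)
            acls.setdefault(name, []).append((src, dst))
        elif line.startswith("nat (") and " 0 access-list " in line:
            nat0[line[line.index("(") + 1:line.index(")")]] = line.split()[-1]
    return {iface: acls.get(name, []) for iface, name in nat0.items()}

def nat_exempt(exemptions, iface, host, client):
    """True if HOST behind IFACE reaches CLIENT untranslated (host as source, client as dest)."""
    h, c = ipaddress.ip_address(host), ipaddress.ip_address(client)
    return any(h in src and c in dst for src, dst in exemptions.get(iface, []))

# Constructed 'before' config: exemption for inside only, so RDP from a VPN client to an
# inside server works while the same attempt toward a DMZ server is not exempted.
BEFORE = """
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""
# Constructed 'after' config: the answer's DMZ exemption added.
AFTER = BEFORE + """
access-list DMZ_nat0_outbound permit ip 192.168.5.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (DMZ) 0 access-list DMZ_nat0_outbound
"""
if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        ex = parse_config(cfg)
        print(label, "inside:", nat_exempt(ex, "inside", "192.168.1.20", "192.168.10.5"),
              "DMZ:", nat_exempt(ex, "DMZ", "192.168.5.10", "192.168.10.5"))
```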
