10-31-2008 10:34 AM - edited 03-11-2019 07:06 AM
Hi,
I need to configure the following:
Source: 10.1.0.0/16, 10.3.0.0/16 and 10.8.0.0/16 (NAT to 192.168.2.1)
Destination: 172.16.2.2
Service: RDP
Could you please help me out by giving me the exact commands to run.
Thanks
Vin
10-31-2008 10:40 AM
global (outside) 1 192.168.2.1
nat (inside) 1 10.1.0.0 255.255.0.0
nat (inside) 1 10.3.0.0 255.255.0.0
nat (inside) 1 10.8.0.0 255.255.0.0
I'm guessing on the interfaces here and the device but I think it's something like this.
10-31-2008 10:43 AM
Thanks for your quick reply. But you did not say anything about the destination address??
10-31-2008 10:44 AM
Vin
Just a quick update on Brent's post. If you want to only NAT these networks if the destination is 172.16.2.2 and RDP:
access-list 101 permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq rdp
access-list 101 permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq rdp
access-list 101 permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq rdp
nat (inside) 2 access-list 101
global (outside) 2 192.168.2.1
Jon
10-31-2008 10:45 AM
access-list policy_nat extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq 3389
edit:
nat (inside) 1 access-list policy_nat
global (outside) 1 192.168.2.1
10-31-2008 10:48 AM
Sorry,
My bad .. was too quick on the draw, didn't even think of using the acl ..
My better way.
10-31-2008 10:55 AM
All together I have to write the following commands (am I right?):
nat (inside) 1 10.1.0.0 255.255.0.0
nat (inside) 1 10.3.0.0 255.255.0.0
nat (inside) 1 10.8.0.0 255.255.0.0
access-list policy_nat extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq 3389
nat (inside) 1 access-list policy_nat
global (outside) 1 192.168.2.1
Question here: the RDP protocol is already configured but I need to change the port number (so how do I find the RDP port and how do I change it to some other port)?
10-31-2008 10:58 AM
If you are going to do this
access-list policy_nat extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq 3389
nat (inside) 1 access-list policy_nat
global (outside) 1 192.168.2.1
Then I believe you don't need this.
nat (inside) 1 10.1.0.0 255.255.0.0
nat (inside) 1 10.3.0.0 255.255.0.0
nat (inside) 1 10.8.0.0 255.255.0.0
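The difference between the two configurations discussed above, as an added example that is not part of the original thread: a simplified Python model of which TCP flows get their source translated. It assumes policy NAT is checked before regular NAT and handles only the command forms that appear in this thread; `parse` and `translate` are hypothetical helper names.

```python
import ipaddress

# Constructed from the commands posted in the thread.
POLICY_ONLY = """\
access-list policy_nat extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.3.0.0 255.255.0.0 host 172.16.2.2 eq 3389
access-list policy_nat extended permit tcp 10.8.0.0 255.255.0.0 host 172.16.2.2 eq 3389
nat (inside) 1 access-list policy_nat
global (outside) 1 192.168.2.1
"""
REGULAR = """\
nat (inside) 1 10.1.0.0 255.255.0.0
nat (inside) 1 10.3.0.0 255.255.0.0
nat (inside) 1 10.8.0.0 255.255.0.0
"""
COMBINED = REGULAR + POLICY_ONLY  # what the "all together" post proposes

def parse(config):
    """Split the config into ACL entries, policy NAT, regular NAT and global pools."""
    acls, policy, regular, pools = {}, [], [], {}
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "access-list":
            # access-list NAME extended permit tcp NET MASK host DST eq PORT
            rule = (ipaddress.ip_network(f"{t[5]}/{t[6]}"), ipaddress.ip_address(t[8]), int(t[10]))
            acls.setdefault(t[1], []).append(rule)
        elif t[0] == "nat" and t[3] == "access-list":
            policy.append((t[2], t[4]))            # (nat id, ACL name)
        elif t[0] == "nat":
            regular.append((t[2], ipaddress.ip_network(f"{t[3]}/{t[4]}")))
        elif t[0] == "global":
            pools[t[2]] = t[3]                     # nat id -> mapped address
    return acls, policy, regular, pools

def translate(config, src, dst, dport):
    """Return the mapped source address for a TCP flow, or None if it is not translated."""
    acls, policy, regular, pools = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Policy NAT: source, destination and port must all match an ACL entry.
    for nat_id, name in policy:
        if any(s in net and d == host and dport == port for net, host, port in acls.get(name, [])):
            return pools.get(nat_id)
    # Regular NAT: only the source network is checked, so every destination matches.
    for nat_id, net in regular:
        if s in net:
            return pools.get(nat_id)
    return None
```

With `POLICY_ONLY`, only RDP to 172.16.2.2 is translated to 192.168.2.1; with `COMBINED`, the regular `nat` lines also translate every other flow from the three networks to that same address.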
10-31-2008 11:02 AM
Hi,
I need to use another port number for the RDP protocol.
- If I use the RDP protocol in the access list, but before using it want to change the port number from 3389 to some other,
how can I do that?
10-31-2008 11:03 AM
no nat (inside) 1 10.1.0.0 255.255.0.0
no nat (inside) 1 10.3.0.0 255.255.0.0
no nat (inside) 1 10.8.0.0 255.255.0.0
I assumed you wanted rdp, remote desktop protocol, which is tcp 3389. If you want something else, just change 3389 to whatever you want.
10-31-2008 11:07 AM
There is an RDP object-group that exists in the config. I want to either change it to some other port number or create another RDP group and assign a new port number. Please tell me how to write the commands for that.