Solved: Allowing RDP Access Through 1711 using PPPoE

niall-wilkins · ‎12-21-2008

Hey All,

I am trying allow Remote Desktop Access through my 1711 router thats using PPPOE. I have configured the following line in my config

ip nat source static udp 10.1.20.2 3389 interface dialer 1 3389

but I cant RDP to the computer on my network with the IP of 10.1.20.2. I need to make this computer accessible from the internet via RDP but at the same time allow other computers access to the internet. Here is a copy of my config as well. Is it because I am missing an access-list??

Current configuration : 1790 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Cisco_1711

!

boot-start-marker

boot-end-marker

!

enable password 7 052D1400265F1B5F4E5D

!

no aaa new-model

ip cef

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip dhcp use vrf connected

!

ip dhcp pool Data_Vlan_20

network 10.1.20.0 255.255.255.0

default-router 10.1.20.1

!

ip domain name home.com

!

username xxxxxxxxx password 7 xxxxxxxxxx

!

interface FastEthernet0

no ip address

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface FastEthernet1

!

interface FastEthernet2

switchport access vlan 30

!

interface FastEthernet3

!

interface FastEthernet4

switchport access vlan 20

!

interface Vlan1

no ip address

!

interface Vlan20

ip address 10.1.20.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1380

!

interface Vlan30

ip address 192.168.150.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1380

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp pap sent-username xxxxxxx password 7 xxxxxxxx

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

!

no ip http server

no ip http secure-server

ip nat source static udp 10.1.20.2 3389 interface Dialer1 3389

ip nat inside source list NAT_ADDRESSES interface Dialer1 overload

!

ip access-list extended NAT_ADDRESSES

permit ip host 10.1.20.2 any

permit ip host 192.168.150.2 any

permit ip host 10.1.20.3 any

!

control-plane

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input ssh

!

end

Sannie179 · ‎12-21-2008

Greetings,

RDP uses tcp to establish the connection on port 3389, try changing your static nat statement to this:

ip nat source static tcp 10.1.20.2 3389 interface Dialer1 3389

Regards,

Sannie

View solution in original post

Sannie179 · ‎12-21-2008

Greetings,

RDP uses tcp to establish the connection on port 3389, try changing your static nat statement to this:

ip nat source static tcp 10.1.20.2 3389 interface Dialer1 3389

Regards,

Sannie

niall-wilkins · ‎12-22-2008

I added

ip nat source static tcp 10.1.20.2 3389 interface Dialer1 3389

but I still can not RDP to this computer over the internet. RDP works on the internal network so I know its not a windows issue. Is their a debug command I can run to see whats happening?

ohassairi · ‎12-22-2008

1-can you add the keyword: extendable at the end of the rdp nat and try again?

2-r you making rdp to the public IP or the private ip?

3-is there any firewall between rtr and PC?

niall-wilkins · ‎12-24-2008

I resolved the issue by excluding the IP address 10.1.20.2 from DHCP. It wasnt working because the PC was getting a dynamic IP. Anyway thanks for the help