RDP 3389

Answered Question
Jul 7th, 2009

Friends,

---------

Site A

74.X.X.X /28

---------

Site B

207.X.X.X /30

Host 10.104.64.118 <---Client to use RDP

---------

Scenario:

Host 10.104.64.118 from Site B needs to use remote desktop to access a server at Site A using port 3389. Both are Cisco 1841s... Please help me set this up!

Richard Burts Tue, 07/07/2009 - 19:17

Kyle

There are a couple of significant details missing in your description. You give only a single address space for site A (using public addressing) and do not indicate whether it is an inside address space or is an outside address space. Then you give an address space for site B (using public addressing) and a separate host address (using private addressing). Are we to assume that the address space given is the outside and the host address is on the inside?

Assuming that the site B host address is inside and the other address space is outside then the first thing that you need to do is to configure address translation. Your knowledge of the situation would determine whether to configure an address pool and to do dynamic NAT or whether to do PAT. But since we do not know the environment we are not in a good position to advise which would be better.

You would also need to configure routing so that site A could communicate with site B. And if site A is doing any traffic filtering using access lists then you would need to assure that the inbound access list permitted the inbound RDP. And if there is any outbound traffic filtering then you would need to assure that it permits any RDP response traffic.

HTH

Rick

wesley.roberts Tue, 07/07/2009 - 19:49

Apologies, Changes made.

----------------------

Site A

74.X.X.X /28 WAN Outside Interface

----------------------

Site B

207.X.X.X /30 WAN Outside Interface

Host 10.104.64.118 <---Client using rdp

-----------------------

Client/host IP never changes. The client is an inside address of a user's computer.

Richard Burts Wed, 07/08/2009 - 06:59

Kyle

Since you have clarified that the host at site B is inside and with a 10 address then address translation is certainly one of the requirements. My comments in my previous post about NAT (with an address pool) or PAT still apply.

Since you have not told us whether the server at site A is in the 74.x.x.x outside or is some inside address, we cannot address whether address translation is required at site A.

My comments in my previous post about the requirement to provide routing so that devices in both sites can communicate with each other still apply.

And the comments in my previous post about needing to make sure that any access list filtering at either site does permit the RDP traffic still apply.

HTH

Rick

wesley.roberts Wed, 07/08/2009 - 15:02

---------

192.168.1.1 <--server to be remoted

Site A

74.X.X.X /28

---------

Site B

207.X.X.X /30

Host 10.104.64.118 <---Client to use RDP

---------

Scenario:

Routing is already set up to communicate.

Your Net admin wants you to config NAT Dynamic to allow RDP remote desktop. The user that will use RDP sits at a private static IP address at site B. The user's IP address is 10.104.64.118. The resource that will be remoted at site A is 192.168.1.1.

Your Net admin gives you the access list that was on the old router before the migration and apologizes for not applying NAT at the time of migration and for losing the old config. The access list is:

permit tcp host 10.104.64.118 207.X.X.X 0.0.0.X eq 3389

Host 10.104.64.118 from Site B needs to use remote desktop to access a server 192.168.1.1 at Site A using port 3389. Both are Cisco 1841s...

Correct Answer
pompeychimes Sun, 07/12/2009 - 20:27

Site A

interface "outside"

ip nat outside

ip address 74.X.X.X /28

interface "inside"

ip nat inside

ip address 192.168.1.? /??

ip nat inside source static tcp 192.168.1.1 3389 interface "outside" 3389

Site B

interface "outside"

ip nat outside

ip address 207.X.X.X /30

interface "inside"

ip nat inside

ip address 10.104.64.? /??

ip nat pool OVERLOAD "Starting IP" "Ending IP" prefix-length "??"
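
The pieces discussed in this thread (port forward at Site A, translation at Site B, and an inbound access list that permits the RDP traffic) put together as an added example; it is not taken from any poster's router. Interface names, the ACL name RDP-IN, ACL number 10, the `<mask>` placeholders and the use of interface overload (PAT) instead of a pool are assumptions, and the X and ? placeholders are kept from the thread.

```cisco
! ---------- Site A (assumed: Fa0/0 = outside, Fa0/1 = inside) ----------
interface FastEthernet0/0
 ip address 74.X.X.X 255.255.255.240
 ip nat outside
 ! Filter inbound traffic before it reaches the port forward
 ip access-group RDP-IN in
!
interface FastEthernet0/1
 ip address 192.168.1.? <mask>
 ip nat inside
!
! Forward TCP/3389 arriving on the outside interface to the server
ip nat inside source static tcp 192.168.1.1 3389 interface FastEthernet0/0 3389
!
! Inbound ACLs on the outside interface are checked before NAT, so the
! destination here is the public address, not 192.168.1.1.
ip access-list extended RDP-IN
 ! Only Site B's translated (outside) address may reach RDP
 permit tcp host 207.X.X.X host 74.X.X.X eq 3389
 ! Log every other attempt against the forwarded port
 deny tcp any any eq 3389 log
 ! Assumption: stands in for the site's existing inbound policy
 permit ip any any
!
! ---------- Site B (assumed: Fa0/0 = outside, Fa0/1 = inside) ----------
interface FastEthernet0/0
 ip address 207.X.X.X 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 ip address 10.104.64.? <mask>
 ip nat inside
!
! Translate only the RDP client; add further hosts here if they need NAT
access-list 10 permit host 10.104.64.118
! A /30 has two usable addresses, so overload on the interface address
ip nat inside source list 10 interface FastEthernet0/0 overload
!
! ---------- Checks after an RDP attempt ----------
! Site B:  show ip nat translations   (10.104.64.118 mapped to 207.X.X.X)
! Site A:  show ip nat translations   (74.X.X.X:3389 mapped to 192.168.1.1:3389)
! Site A:  show access-lists RDP-IN   (hit counters on the permit/deny lines)
```

The `deny ... log` line gives a record of any source other than Site B probing the forwarded port, which is the first thing to look at if the permit counter stays at zero.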
