Help enable 3389 from DMZ to Inside

Mar 26th, 2010
I'm using Pix 520 rev 4.2


I need to enable a computer in the DMZ RDP access to computers (entire scope) behind the INSIDE interface. How can I do this?


Ex. Machine (192.168.4.5/24 only) in DMZ needs to RDP into Machines (172.16.5.x/21) on the INSIDE network.


BTW: I'm limited to the "Conduit Permit" command

Kureli Sankar (Cisco Employee) Fri, 03/26/2010 - 13:35

You need static (inside,dmz) 172.16.5.0 172.16.5.0 netmask 255.255.248.0


Then you need to allow the DMZ hosts via an ACL to reach the inside hosts on port 3389.


-KS

Jennifer Halim (Cisco Employee) Fri, 03/26/2010 - 20:59

With the static configuration that kusankar advised, here is the conduit configuration:


conduit permit tcp 172.16.5.0 255.255.248.0 eq 3389 host 192.168.4.5


Hope that helps.
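Added example, not part of the original posts or Cisco code: a small Python check that parses the conduit line posted above and tests constructed flows against it, to confirm that only 192.168.4.5 is allowed to TCP 3389 on the inside range. It assumes plain mask-based address matching, handles only the `host A` and `A MASK` address forms with a numeric `eq` port, and the function names are hypothetical.

```python
import ipaddress

# The conduit line from the thread, copied verbatim.
CONDUIT = "conduit permit tcp 172.16.5.0 255.255.248.0 eq 3389 host 192.168.4.5"


def _take_addr(tokens):
    """Consume 'host A' or 'A MASK' from the token list; return an ip_network."""
    if tokens[0] == "host":
        tokens.pop(0)
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    addr, mask = tokens.pop(0), tokens.pop(0)
    # Assumption: matching is (address AND mask), so host bits are cleared.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_conduit(line):
    """Parse 'conduit permit|deny PROTO DST [eq PORT] SRC' into a dict."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: " + line)
    rule = {"action": tokens[1], "proto": tokens[2], "dport": None}
    rest = tokens[3:]
    rule["dst"] = _take_addr(rest)       # inside (destination) side
    if rest and rest[0] == "eq":
        rest.pop(0)
        rule["dport"] = int(rest.pop(0))
    rule["src"] = _take_addr(rest)       # DMZ (source) side
    return rule


def permits(rule, src, dst, proto, dport):
    """True if the flow src -> dst:dport/proto is allowed by this one rule."""
    return (rule["action"] == "permit"
            and rule["proto"] == proto
            and ipaddress.ip_address(src) in rule["src"]
            and ipaddress.ip_address(dst) in rule["dst"]
            and rule["dport"] in (None, dport))


if __name__ == "__main__":
    rule = parse_conduit(CONDUIT)
    print("inside range covered:", rule["dst"])
    # Constructed test flows: (source, destination, protocol, port)
    for flow in [("192.168.4.5", "172.16.5.10", "tcp", 3389),
                 ("192.168.4.6", "172.16.5.10", "tcp", 3389),
                 ("192.168.4.5", "172.16.5.10", "tcp", 445),
                 ("192.168.4.5", "172.16.8.1", "tcp", 3389)]:
        print(flow, "->", "permit" if permits(rule, *flow) else "no match")
```

Under that matching assumption, the mask 255.255.248.0 applied to 172.16.5.0 covers 172.16.0.0 through 172.16.7.255, so the rule reaches every host in that /21, not only 172.16.5.x.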
