05-25-2010 04:32 AM - edited 03-11-2019 10:50 AM
Hi all,
I currently have a 2800 series router with firewall OS which NATs port 443 to my Exchange server (see below).
ip nat inside source static tcp (exchange IP) 443 interface FastEthernet 0/1 443
I would like to evaluate RDP (Terminal Services) for remote access on a Windows 2008 box; however, RDP now uses port 443, which means that when I connect through the router I get a certificate error, as the OWA certificate is returned from the Exchange box instead of the Terminal Services cert from the 2008 box.
I have port 443 open to any host on my external IP as below:
permit tcp any host (external IP) eq 443
Sorry if this is a bit simplistic; I don't often work on Cisco equipment.
David
05-25-2010 05:12 AM
David,
Not sure I understand.
RDP should be tcp/3389 (AFAIR).
Adding a rule:
---------
ip nat inside source static tcp (rdp_server) 3389 interface FastEthernet 0/1 3389
----------
And an ip access-list entry accordingly should make RDP work.
If for some reason the rdp_server hosts RDP on port 443 you can always "cheat" the system.
--------
ip nat inside source static tcp (rdp_server) 443 interface FastEthernet 0/1 3389
---------
More details appreciated
Marcin
05-25-2010 06:18 AM
Thanks for the reply Marcin
Windows 2008 Server now has a TS Gateway, which uses port 443. I have used NAT and port 3389, which works fine, but this does not allow connection to the TS Gateway and therefore the SSL cert.
I have attached my current config, less the IP addresses etc. Would your workaround (ip nat inside source static tcp (rdp_server) 443 interface FastEthernet 0/1 3389) solve my problem? I just thought I would ask before I go and change the router config.
Many thanks David
05-25-2010 06:39 AM
05-25-2010 07:13 AM
David,
Not sure if the RDP client is smart enough to do SSL/TLS on standard 3389 port.
I would say it's worth a shot.
Marcin
05-26-2010 12:50 AM
Hi Marcin,
Unfortunately that didn't work; I still get the certificate name mismatch, as the Exchange cert is presented instead of the TS Gateway cert.
(ip nat inside source static tcp (rdp_server) 443 interface FastEthernet 0/1 3389)
I think it's the NAT rule below which is screwing things up.
ip nat inside source static tcp (Exchange IP) 443 interface FastEthernet0/1 443
The above is only for OWA, I think; I may have to look at changing the port for this rather than a rule on the firewall.
Any other suggestions would be appreciated though, as I would rather have one port open (443) than have to open another for the TS Gateway.
David
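To make the behaviour in this thread concrete, here is an added example (not part of the original posts and not Cisco code) that models how IOS static PAT rules of the form "ip nat inside source static tcp ... interface ... <port>" are looked up. A static translation is keyed by the outside interface, protocol and external port, so only one inside host can own external tcp/443; a second rule for the same external port is a conflict, and Marcin's "cheat" rule exposes the gateway's inside 443 on external 3389 instead. The config lines and the 192.168.1.x addresses below are constructed placeholders standing in for the (exchange IP) and (rdp_server) values in the posts.

```python
"""Model of Cisco IOS static PAT lookups (added example, not router code).

Parses 'ip nat inside source static tcp <inside_ip> <inside_port>
interface <iface> <ext_port>' lines and resolves an inbound connection
to the inside host:port the router would translate it to.
"""
import re
from typing import Dict, List, Tuple

# Accepts both spellings seen in the thread: 'FastEthernet 0/1' and 'FastEthernet0/1'.
RULE_RE = re.compile(
    r"^ip nat inside source static (?P<proto>tcp|udp)\s+"
    r"(?P<inside_ip>\S+)\s+(?P<inside_port>\d+)\s+"
    r"interface\s+(?P<iface>[A-Za-z]+\s?[\d/]+)\s+(?P<ext_port>\d+)$"
)

Key = Tuple[str, str, int]   # (proto, outside interface, external port)
Target = Tuple[str, int]     # (inside ip, inside port)

# Constructed sample config; addresses are placeholders, not from the thread.
CONFIG = """
! Existing OWA rule: external 443 -> Exchange 443
ip nat inside source static tcp 192.168.1.10 443 interface FastEthernet 0/1 443
! Marcin's 'cheat' rule: external 3389 -> TS Gateway's inside 443
ip nat inside source static tcp 192.168.1.20 443 interface FastEthernet 0/1 3389
"""


def parse_rules(config: str) -> Tuple[Dict[Key, Target], List[str]]:
    """Build the translation table and report external ports claimed twice.

    The first rule for a key wins in this model; a real router cannot hold
    two static translations for the same outside interface/proto/port.
    """
    table: Dict[Key, Target] = {}
    conflicts: List[str] = []
    for raw in config.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue  # comments ('!') and unrelated lines
        key: Key = (m["proto"], m["iface"].replace(" ", ""), int(m["ext_port"]))
        target: Target = (m["inside_ip"], int(m["inside_port"]))
        if key in table and table[key] != target:
            conflicts.append(
                f"{key[0]}/{key[2]} on {key[1]} already maps to "
                f"{table[key][0]}:{table[key][1]}, cannot also map to "
                f"{target[0]}:{target[1]}"
            )
            continue
        table[key] = target
    return table, conflicts


def resolve_inbound(table: Dict[Key, Target], proto: str, iface: str, ext_port: int):
    """Return the inside (ip, port) an inbound connection lands on, or None."""
    return table.get((proto, iface.replace(" ", ""), ext_port))


def explain(config: str, iface: str = "FastEthernet0/1") -> List[str]:
    """Human-readable summary of where inbound 443 and 3389 are sent."""
    table, conflicts = parse_rules(config)
    lines = []
    for port in (443, 3389):
        dst = resolve_inbound(table, "tcp", iface, port)
        lines.append(f"inbound tcp/{port} -> {dst[0]}:{dst[1]}" if dst
                     else f"inbound tcp/{port} -> not forwarded")
    lines.extend(f"CONFLICT: {c}" for c in conflicts)
    return lines


if __name__ == "__main__":
    for line in explain(CONFIG):
        print(line)
    # A second owner for external 443 is detected rather than silently accepted.
    extra = "ip nat inside source static tcp 192.168.1.20 443 interface FastEthernet0/1 443\n"
    for line in explain(CONFIG + extra):
        print(line)
```

With the two rules from the thread, an RDP client that connects to the public address on 443 is still translated to the Exchange host, which is why the OWA certificate comes back; the gateway's 443 is only reachable on external 3389, so the client would have to be told to use that port for the gateway. Appending a third rule that also claims external 443 is flagged as a conflict instead of being applied.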