How to manage Cisco 871 via https!

Unanswered Question
Aug 10th, 2010
User Badges:

Hi,


Can somone please assist me with this request:


I have a Cisco 871 for a client of mine that I can ssh to. I woule like to be able to manage it with https.

I am not too familiar with IOS CLI and woule be more comfortable with Cisco SDM.


Your helop is greately appreciated.


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rtjensen4 Tue, 08/10/2010 - 10:49
User Badges:
  • Bronze, 100 points or more

Go into config and enable https server:

ip http secure-server

cammarkho Tue, 08/10/2010 - 12:16
User Badges:

Hi,


I appreciate your inut very much.

I ssh to the firewall and when I ran the comand config, it asked me if it's console or network so I chose console (see attached screen shot

I enabled https remote management.

I wanted to add another RDP to one of the machines in the office but nstead of cloning the (10.222.0.2) entry, I deleted it (by accident )

Now, I have recreayed that NAT plus another one to the workstation but now I can't get to either one of them. The SDM said that it saved the config successfully.


Do I need to reboot it?

Attachment: 
cammarkho Tue, 08/10/2010 - 13:34
User Badges:

I figured it out...

My question now is how do I add nother NAT to the workstation 10.222.0.103

This is what i just added to the server's RDP conenction in NAT: ip nat inside source static tcp 10.222.0.2 3389 interface FastEthernet4 3389

If I do the same for the workstation ip nat inside source static tcp 10.222.0.103 3389 interface FastEthernet4 3389 how would the firewall know where to rout me to?


Thanks

rtjensen4 Tue, 08/10/2010 - 13:39
User Badges:
  • Bronze, 100 points or more

The only way to accomplish another NAT to 3389 on your other machine is to use a different port or a different IP.

You could do:


ip nat inside source static tcp 10.222.0.103 3389 interface FastEthernet4 3390


That would direct any requests to port 3390 on Fe4 to port 3389 on  your host. The problem with this is I dont think you can set the Windows RDP client to point at a different port number.



EDIT:

I did a quick google, you can change the port in your RDP client, just do it like this: :

If you do that, my example above will work.


Message was edited by: rtjensen4

cammarkho Tue, 08/10/2010 - 13:54
User Badges:

Thanks all for the info.

This is Microsoft KB on how to change the client's RDP port in the registry: http://support.microsoft.com/kb/306759

Since there is only 1 static IP on the public interface, both the client and host workstations will have to have the RDP port that they listen to changed to be the same.
Otherwise, this will not work.

rtjensen4 Tue, 08/10/2010 - 14:00
User Badges:
  • Bronze, 100 points or more

If you do the NAT statement like this:


ip nat inside source static tcp 10.222.0.103 3389 interface FastEthernet4 3390


When the router sees a request to port 3390 on the outside interface, it will redirect it to port 3389 on 10.222.0.103.  The host will see just a regular connection to port 3389. The router does the translation for you. Trust me, give it a try. it will work. You don't need to change the port that the service listens on on the PC.

cammarkho Tue, 08/10/2010 - 14:04
User Badges:

I just added the entry in the firewall. When I hit the public IP from my Laptop, it will take me directly to the server. If I give the public IP to the client, it will take him directly to the server as well.

I really think that I have to change the ports that the workstation is listening to.

cammarkho Wed, 08/11/2010 - 07:25
User Badges:

Hi,


I decided to use VPN instead.


How do I delete the NAT RDP that I created?

Thanks

Actions

This Discussion