Route RDP traffic through separate router

Unanswered Question
Oct 28th, 2014

Hi,

 

I have 2 x Cisco 887 routers both using ADSL2+.

 

I want to send all traffic through one router apart from RDP traffic which I want to route through the second router (see attached jpg)

 

I want the first router to be the Default Gateway for all the clients.

 

Can someone help me with the routing configuration?

 

Thanks a lot

Aref Alsouqi Wed, 10/29/2014 - 07:28

Hi Mintola1976,

 

You would apply a PBR (Policy-Based Routing). In my example, I would assume that the default gateway router interface connected to that LAN is Vlan1.

 

1) Define an access list for matching the interested traffic from your LAN towards any RDP:

access-list 110 permit tcp any any eq 3389

 

2) Define the route map:

route-map REROUTE-RDP permit 10
 match ip address 110
 set ip next-hop 172.21.21.253

 

3) Apply the route map on the interface:

interface vlan1
 ip policy route-map REROUTE-RDP

 

To verify if the policy is working or not, you would use the command "deb ip policy".

 

Regards,

Aref
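
The following is an added example, not part of the original answer or of Cisco's software: a small Python model that parses the ACL and route-map lines posted above and reports which flows the policy would hand to 172.21.21.253. The client address 172.21.21.10 and destination 203.0.113.5 are constructed sample values, and the parser covers only the IOS syntax used in this thread.

```python
import ipaddress
# Configuration lines as posted in the answer above.
CONFIG = """\
access-list 110 permit tcp any any eq 3389
route-map REROUTE-RDP permit 10
 match ip address 110
 set ip next-hop 172.21.21.253
"""

def parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0))
    return ipaddress.ip_network(first + "/" + tokens.pop(0))  # wildcard = host mask

def parse_config(text):
    """Parse the subset of IOS syntax used above into (acls, route_map)."""
    acls, rmap = {}, {}
    for line in text.splitlines():
        t = line.split()
        if t[:1] == ["access-list"]:
            rest = t[4:]
            src, dst = parse_addr(rest), parse_addr(rest)
            port = int(rest[1]) if rest[:1] == ["eq"] else None
            acls.setdefault(t[1], []).append((t[2], t[3], src, dst, port))
        elif t[:3] == ["match", "ip", "address"]:
            rmap["acl"] = t[3]
        elif t[:3] == ["set", "ip", "next-hop"]:
            rmap["next_hop"] = t[3]
    return acls, rmap

def policy_next_hop(flow, acls, rmap):
    """Return the PBR next hop for a flow, or None if it is routed normally."""
    proto, src, dst, dport = flow
    for action, a_proto, a_src, a_dst, a_port in acls.get(rmap["acl"], []):
        if (a_proto in ("ip", proto) and a_port in (None, dport)
                and ipaddress.ip_address(src) in a_src
                and ipaddress.ip_address(dst) in a_dst):
            return rmap["next_hop"] if action == "permit" else None
    return None  # implicit deny: falls through to the normal routing table

if __name__ == "__main__":
    acls, rmap = parse_config(CONFIG)
    # Constructed flows: RDP over TCP, RDP's UDP transport (RDP 8.0+), HTTPS.
    for proto, port in (("tcp", 3389), ("udp", 3389), ("tcp", 443)):
        flow = (proto, "172.21.21.10", "203.0.113.5", port)
        print(flow, "->", policy_next_hop(flow, acls, rmap) or "routing table")
```

Only the TCP flow to port 3389 is policy routed; RDP sessions that also use UDP 3389 would send that part of the session through the default gateway's own uplink unless the access list gains a matching UDP entry.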

Andrew Duffield Wed, 10/29/2014 - 17:52

Hi Aref,

 

Thanks so much for this.

 

Regarding the second router on 172.21.21.253, how would I best connect that to the gateway router?

 

Would I directly attach from Cisco to Cisco, or connect it to the switch on its VLAN1 interface?

 

Also, would I need to set up NAT on the second router and configure PAT to forward 3389 to the first Cisco?

 

Thank you

Aref Alsouqi Wed, 10/29/2014 - 20:03

You are very welcome, Mintola.

 

I would connect them directly. Assuming that you already have NAT enabled on the RDP router, you would not have to apply any particular NAT for RDP traffic, since that traffic would be NATted based on the NAT rule already applied on the RDP router, and it would come back without any problem unless you have an access list applied in the inbound direction on the dialer interface that would block it. So no, you don't have to do any port forwarding. Port forwarding or static NAT would have been needed if you were to enable traffic from outside towards inside destined to RDP.

 

Regards,

Aref

Andrew Duffield Sun, 11/02/2014 - 13:51

Thanks Aref, you are a great help.

 

Just regarding the connection from the gateway router to the RDP router, would I just create VLAN1 (172.21.21.253) on the RDP router, plug a cable from eth1 on the Gateway router to eth0 on the gateway router?

Would that enable the Gateway router to pass traffic through the RDP router?

 

Thanks

Aref Alsouqi Sun, 11/02/2014 - 14:10

Thank you, I really appreciate your kind words.

Yes, that would be enough, assuming you have all the other routing configuration set correctly towards the ISP. In other words, both of the routers can be on the same LAN, with different IP addresses obviously. That's it.

Regards,

Aref