
New Member

Allowing RDP traffic

I am using a Cisco PIX 515e with three interfaces: outside, inside, and DMZ. I am providing VPN access via the PIX. The issue I am having is that when I connect to my network via VPN I cannot RDP to servers in my DMZ. I can RDP to servers on my internal network.

When I connect to the VPN I get an IP address of 192.168.10.x. My inside IP addresses are 192.168.1.x and my DMZ addresses are 192.168.5.x.

I created an ACL to allow traffic over port 3389 (RDP) from 192.168.10.0 to 192.168.5.13 (a server in my DMZ). The ACL looks like:

access-list vpn_access_dmz permit tcp 192.168.10.0 255.255.255.0 host 192.168.5.13 eq 3389

The issue is I am not sure which interface this access list should be applied to (inside, outside, DMZ?). Does anyone have an idea, or can anyone give me some pointers?

Thanks for any help!

Bill

4 REPLIES
Green

Re: Allowing RDP traffic

Don't worry about that access list, you shouldn't need it.

You most likely need to add NAT exemption for the DMZ hosts.

access-list DMZ_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (DMZ) 0 access-list DMZ_nat0_outbound

New Member

Re: Allowing RDP traffic

Thanks for the help. In your access-list command, what is the 'extended' command for?

New Member

Re: Allowing RDP traffic

It is used for (outbound) connections.

Green

Re: Allowing RDP traffic

Sorry, I had ASA on the brain; you don't need "extended".

access-list DMZ_nat0_outbound permit ip 192.168.5.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (DMZ) 0 access-list DMZ_nat0_outbound
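The following is an added, complete PIX 6.x configuration fragment for the scenario in this thread; it is not taken from the thread or from any Cisco document. It puts the NAT exemption from the last reply next to the inside exemption that must already exist (the asker can reach inside hosts), adds the split-tunnel entry that is the other common reason DMZ traffic never enters the tunnel, and answers the original "which interface" question: decrypted IPsec traffic lands on the outside interface, and by default `sysopt connection permit-ipsec` lets it bypass the interface ACLs, which is why the reply says the RDP ACL is not needed. The pool name `vpnpool`, the group name `remoteusers`, and the ACL names `inside_nat0_outbound`, `split_tunnel` and `outside_access_in` are assumed; the addresses, the `DMZ_nat0_outbound` ACL and the host 192.168.5.13 come from the thread.

```text
! Added example configuration, not from the thread. Assumed names:
! vpnpool, remoteusers, inside_nat0_outbound, split_tunnel, outside_access_in.

! Address pool handed to VPN clients (192.168.10.x, as stated in the question)
ip local pool vpnpool 192.168.10.1-192.168.10.254
vpngroup remoteusers address-pool vpnpool

! 1. NAT exemption (nat 0) on BOTH protected interfaces toward the VPN pool.
!    The inside entry is presumably already present (inside RDP works);
!    the DMZ entry is what the reply adds. Without it the PIX tries to
!    translate 192.168.5.13's replies and the session never completes.
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound

access-list DMZ_nat0_outbound permit ip 192.168.5.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (DMZ) 0 access-list DMZ_nat0_outbound

! 2. If split tunnelling is configured, the split-tunnel ACL must also
!    list the DMZ subnet, or the client sends 192.168.5.x traffic out its
!    local default route instead of into the tunnel.
access-list split_tunnel permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list split_tunnel permit ip 192.168.5.0 255.255.255.0 192.168.10.0 255.255.255.0
vpngroup remoteusers split-tunnel split_tunnel

! 3. Which interface would the RDP ACL go on? The tunnel terminates on
!    "outside", so decrypted client traffic is evaluated by the inbound
!    ACL on outside. With the default "sysopt connection permit-ipsec"
!    that ACL is bypassed for IPsec traffic, so the asker's ACL has no
!    effect anywhere. To actually limit VPN users to RDP on the one DMZ
!    host (least privilege), disable the bypass and filter on outside:
no sysopt connection permit-ipsec
access-list outside_access_in permit tcp 192.168.10.0 255.255.255.0 host 192.168.5.13 eq 3389
access-list outside_access_in permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-group outside_access_in in interface outside

! Verification with a client connected and attempting RDP:
!   show nat              -> nat 0 lines present for (inside) and (DMZ)
!   show xlate            -> no translation built for 192.168.5.13 <-> 192.168.10.x
!   show access-list      -> hitcnt on DMZ_nat0_outbound / outside_access_in increments
!   show crypto ipsec sa  -> decrypt counters rise for the 192.168.5.0/24 proxy identity
```

Step 3 is optional hardening; steps 1 and 2 alone reproduce the thread's fix. If you do disable `sysopt connection permit-ipsec`, test a fresh client connection afterwards and, if IKE no longer completes on your release, also permit udp/500 and ESP to the outside interface address in `outside_access_in`. Note that `host 192.168.10.0` in the original ACL matched only the single address 192.168.10.0; the subnet form with a 255.255.255.0 mask is what covers the whole pool.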
