Cisco Support Community

New Member

Help enable 3389 from DMZ to Inside

I'm using Pix 520 rev 4.2

I need to enable a computer in the DMZ RDP access to computers (entire scope) behind the INSIDE interface. How can I do this?

Ex. Machine (192.168.4.5/24 only) in DMZ needs to RDP into Machines (172.16.5.x/21) on the INSIDE network.

BTW: I'm limited to the "Conduit Permit" command

2 REPLIES
Cisco Employee

Re: Help enable 3389 from DMZ to Inside

You need static (inside,dmz) 172.16.5.0 172.16.5.0 netmask 255.255.248.0

Then you need to allow the DMZ hosts via an ACL to reach the inside hosts on port 3389.

-KS

Cisco Employee

Re: Help enable 3389 from DMZ to Inside

With the static configuration that kusankar advised, here is the conduit configuration:

conduit permit tcp 172.16.5.0 255.255.248.0 eq 3389 host 192.168.4.5

Hope that helps.
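
An added example, not part of either reply and not Cisco code: a small Python check of which flows the posted conduit statement would admit, assuming the firewall matches addresses by mask-and-compare. It shows that the 255.255.248.0 mask covers 172.16.0.0 through 172.16.7.255 rather than only 172.16.5.x, which matters when sizing the RDP exposure from the DMZ host. All function names are illustrative.

```python
import ipaddress

# Conduit statement exactly as posted in the thread.
CONDUIT = "conduit permit tcp 172.16.5.0 255.255.248.0 eq 3389 host 192.168.4.5"


def parse_addr(tokens):
    """Consume 'host A' or 'A MASK' from the token list; return (addr, mask) as ints."""
    if tokens[0] == "host":
        tokens.pop(0)
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0xFFFFFFFF
    addr = int(ipaddress.IPv4Address(tokens.pop(0)))
    mask = int(ipaddress.IPv4Address(tokens.pop(0)))
    return addr, mask


def parse_conduit(line):
    """Parse 'conduit permit|deny PROTO <protected addr> [eq PORT] <foreign addr>'."""
    tokens = line.split()
    if tokens[:1] != ["conduit"] or len(tokens) < 6:
        raise ValueError("not a conduit statement")
    rule = {"action": tokens[1], "proto": tokens[2], "port": None}
    rest = tokens[3:]
    rule["dst"] = parse_addr(rest)       # protected (inside) side
    if rest[0] == "eq":
        rule["port"] = int(rest[1])
        del rest[:2]
    rule["src"] = parse_addr(rest)       # foreign (DMZ) side
    return rule


def covers(pair, ip):
    # Assumption: mask-and-compare matching, so host bits in the rule are ignored.
    addr, mask = pair
    return (int(ipaddress.IPv4Address(ip)) & mask) == (addr & mask)


def permits(rule, proto, src, dst, dport):
    return (rule["action"] == "permit" and rule["proto"] == proto
            and covers(rule["src"], src) and covers(rule["dst"], dst)
            and rule["port"] in (None, dport))


def dst_range(rule):
    """First and last protected address the rule's mask actually covers."""
    addr, mask = rule["dst"]
    first = addr & mask
    last = first | (~mask & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))
```

Running `dst_range(parse_conduit(CONDUIT))` gives the effective inside range; a tighter mask in the conduit narrows it if only 172.16.5.x is meant to be reachable.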
