We are in the process of slowly setting up our new appliance. We are messing around with allowing inbound connections for remote desktop. When we add the first one it works fine, but when we add the second one it says that the port is already used. How do we add more than one?
I'm not the one that is working on this, but I believe he is trying to do this through the security policy.
Is the RDC from outside to a PC on the inside? Have you opened UDP port 3389? Have you done a static? It seems you can do a remote desktop to the PC on the first instance and not for more than one connection, is that so? If that is the case, I don't think the firewall configs are a problem. They might have to check if they have limited the RDC connections on the end station.
Sorry, I might not have been clear on what I was saying.
We are using RD from an outside machine and NATing to an inside machine. We have set it up to work with one. When we go to add another rule for another machine we get a port already in use (3389). We use RD a lot and sometimes set up outside agencies to get to certain machines. We need to be able to add more than one.
You need to use another IP address if you have them. Or, if you are port translating using the outside address of the firewall, you will need to set remote desktop to use different ports for the other machines. I think I am understanding you correctly. Maybe explain what you mean by "add another rule".
Thanks for the replies, everyone. I am not the one that is doing the configs on the appliance. Here is what I see in the configs (ASDM):
Under NAT the added rule looks like this:
interface - inside
source network - 192.x.x.x port 3389/tcp (inside machine)
Destination Network - any
interface - outside
Address - interface IP, Port 3389/tcp
There is another rule here that might have been added for this to work.
It looks like it translates any inside IP to the outside IP address (the ISP IP).
Under security policy there is also a rule.
Source/host - This is an outside IP (my home)
destination/host - My machine on the inside network
rule applied to traffic - incoming
interface - outside
I think that under the security policy is where he is trying to add another rule for access. Apparently this is where he is trying to add the rule.
Again sorry for the poor explanation, but maybe some of the above will help.
The main thing we are trying to do is to be able to use remote desktop with different outside PCs to connect to various inside PCs. One outside PC will only connect to one inside PC, but we want to be able to decide the one.
So when you RDP you are using the outside address of the firewall, which in turn translates to inside machine 192.168.x.1. If you want to RDP to 192.168.x.2, you will need to forward a different port or use another IP, not the outside PIX address.
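Added example, not part of any post in this thread and not vendor code: a small Python check showing why the second rule is rejected (a forward is keyed on outside address, protocol and outside port) and how giving each inside PC its own outside port resolves it. The addresses, the 3390 starting port and the function names are assumptions made for illustration.

```python
from collections import namedtuple

# One static port-forward entry: outside address/port -> inside host/port.
Forward = namedtuple(
    "Forward", "outside_ip proto outside_port inside_ip inside_port allowed_src")

# Constructed sample: three inside PCs all requested on the firewall's one
# outside address at tcp/3389. All addresses are documentation placeholders.
RULES = [
    Forward("203.0.113.10", "tcp", 3389, "192.168.1.1", 3389, "198.51.100.7"),
    Forward("203.0.113.10", "tcp", 3389, "192.168.1.2", 3389, "198.51.100.8"),
    Forward("203.0.113.10", "tcp", 3389, "192.168.1.3", 3389, "any"),
]

def find_conflicts(rules):
    """Pairs of rules claiming the same (outside_ip, proto, outside_port)."""
    seen, conflicts = {}, []
    for r in rules:
        key = (r.outside_ip, r.proto, r.outside_port)
        if key in seen:
            conflicts.append((seen[key], r))
        else:
            seen[key] = r
    return conflicts

def assign_ports(rules, first_alt=3390):
    """Keep the first claim on each outside port; move later ones to a free port."""
    used, plan = set(), []
    for r in rules:
        port = r.outside_port
        if (r.outside_ip, r.proto, port) in used:
            port = first_alt
            while (r.outside_ip, r.proto, port) in used:
                port += 1
        used.add((r.outside_ip, r.proto, port))
        plan.append(r._replace(outside_port=port))
    return plan

def unrestricted(rules):
    """Forwards reachable from any source address rather than one named host."""
    return [r for r in rules if r.allowed_src == "any"]

if __name__ == "__main__":
    print("conflicts:", len(find_conflicts(RULES)))
    for r in assign_ports(RULES):
        print(f"{r.outside_ip}:{r.outside_port}/{r.proto} -> "
              f"{r.inside_ip}:{r.inside_port} (source {r.allowed_src})")
    print("open to any source:", [r.inside_ip for r in unrestricted(RULES)])
```

The inside machines keep listening on 3389; only the outside port differs, so the remote user connects to the outside address with the assigned port (for example `mstsc /v:203.0.113.10:3390`). Each forward still needs its own access rule limited to the one outside host that should reach it, as in the security policy rule described above.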