Setting up a RDP Connection on Cisco 2514

GeeksRyan
Level 1

Hello, I'm new to the site so I apologize for any errors or for any rule breaking.  I'm very green in the world of configuring routers.  I need to set up two devices with static IP addresses (which I think I can do).  The big challenge I have is allowing an RDP connection to the two static IP addresses.  I think I need an ACL and some NAT translation maybe.  I know it is customary to post my running config so it is attached and below:

CHAMPION>enable
Password:
CHAMPION#show run
Building configuration...

Current configuration : 1300 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CHAMPION
!
enable secret 7 xxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxx
!
!
!
!
!
ip subnet-zero
ip name-server x.x.x.x
ip dhcp excluded-address 192.168.1.1 192.168.1.12
!
ip dhcp pool 1
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server x.x.x.x x.x.x.x
!
!
!
!
interface Ethernet0
description connected to Internet
ip address x.x.x.x 255.255.255.0
ip nat outside
!
interface Ethernet1
description 192.168.1.10 security
ip address 192.168.1.1 255.255.255.0
ip nat inside
arp timeout 240
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
router rip
version 2
passive-interface Ethernet0
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip http server
ip http port 2000
!
access-list 1 permit 192.168.1.0 0.0.0.255
snmp-server community public RO
snmp-server community communityName RW
!
line con 0
exec-timeout 0 0
password 7 13024441001F477B
login
line aux 0
line vty 0 4
password 7 06015C72475D4A48
login
!
end

Microsoft RDP uses TCP port 3389.

You can simply add this static NAT rule:

ip nat inside source static tcp 192.168.1.x 3389 WAN_IP_ADDRESS 3389 extendable

In this case all incoming traffic directed to port 3389 from the outside interface will be forwarded to your inside host.

Regards.

I fear looking really new to this, but I have to ask.  The 192.168.1.x is the static device and the WAN_IP_ADDRESS is my public address on the remote location. Correct?

What interface would I place this NAT translation on as well? And can the ports be changed to something that is not in use for security reasons?

Thank You

This static rule must be configured at the global level and not under an interface:

router(config)# ip nat inside source static tcp 192.168.1.50 3389 WAN_IP_ADDRESS_of_E0_interface 3389 extendable

The WAN_IP_ADDRESS_of_E0_interface is the IP set under the outside interface.

E.g.:

If your internal PC has the IP address 192.168.1.50 and the E0 interface has the IP address 10.0.0.1, the config will be:

interface Ethernet0
description connected to Internet
ip address 10.0.0.1 255.255.255.0
ip nat outside
!
interface Ethernet1
description 192.168.1.10 security
ip address 192.168.1.1 255.255.255.0
ip nat inside
arp timeout 240
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.50 3389 10.0.0.1 3389 extendable

If you want, you can use the port triggering function to change the external port:

ip nat inside source static tcp 192.168.1.50 3389 10.0.0.1 4489 extendable
ip nat inside source static tcp 192.168.1.51 3389 10.0.0.1 5589 extendable
ip nat inside source static tcp 192.168.1.52 3389 10.0.0.1 3389 extendable

In this way you can contact the PC with private IP 192.168.1.52 using the default 3389 port, the PC with private IP 192.168.1.51 with the non-standard 5589 port, and so on.

Regards.
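
The original question also asked about an ACL, which the static NAT rules by themselves do not provide: a forwarded port is reachable from any source, whichever external port number is chosen. The following IOS fragment is an added example, not part of any post in this thread, that restricts the forwarded ports to a single client. It assumes 203.0.113.25 as a constructed placeholder for the laptop's static public address and an arbitrary ACL number 110, and reuses 10.0.0.1 and the external ports from the reply above.

```cisco
! Added example: limit the forwarded RDP ports to one known client.
! 203.0.113.25 is a constructed placeholder for the laptop's static public
! address; 10.0.0.1 and ports 4489/5589/3389 come from the reply above.
! ACL number 110 is an arbitrary choice.
!
! An inbound ACL on the outside interface is evaluated before the
! outside-to-inside NAT translation, so it must match the public address
! and the external port, not 192.168.1.x and not necessarily 3389.
access-list 110 permit tcp host 203.0.113.25 host 10.0.0.1 eq 4489
access-list 110 permit tcp host 203.0.113.25 host 10.0.0.1 eq 5589
access-list 110 permit tcp host 203.0.113.25 host 10.0.0.1 eq 3389
! Every other source is refused on those ports, and the attempts are logged.
access-list 110 deny   tcp any host 10.0.0.1 eq 4489 log
access-list 110 deny   tcp any host 10.0.0.1 eq 5589 log
access-list 110 deny   tcp any host 10.0.0.1 eq 3389 log
! Leave all other traffic as it was, including replies to inside hosts
! that go out through the overload (PAT) rule.
access-list 110 permit ip any any
!
interface Ethernet0
 ip access-group 110 in
!
! Verification from the exec prompt:
!   show ip nat translations
!   show access-lists 110
```

The match counters in `show access-lists 110` show whether connection attempts are hitting the permit lines or the deny lines.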

ebarticel
Level 4

More questions for you...

Where are the 2 devices located? Inside the LAN? One outside and one inside? Do you have permission to RDP into the LAN? Do you have an account on the destination PC, or is it part of a domain?

The example posted above should work. If you want to change the inside ports you need to map the NAT to the router's inside LAN interface on the standard port and from there to the device on the port you choose.

Eugen

I'm trying to go from an outside device (i.e. a laptop with a static public address) to a device connected to the switch directly connected to the router.  As for permission to RDP, I'm trying to set that up.

Are you using simulation software to test this set-up or do you have real equipment?

No, an actual device.

If they are Windows machines, make sure that RDP is turned on and rules are created to allow connections to the PCs (laptops).

Try to ping from one PC to the other. If it doesn't succeed, try to do a tracert in Windows, traceroute elsewhere, and see where it stops.

Please post the results after this.

Eugen

Thank you for all the help and info.
