Cisco Support Community
New Member

Access Control Lists


I'm having a problem trying to allow Microsoft Terminal Server through a router with an extended access list. I found out that the TCP port used for the application is 3389. This router separates a test network from our corporate network and has a very restricted access list which allows only DNS, FTP, SMTP, Telnet and ICMP. The access list is placed on the Ethernet interface that faces the test network, for the traffic going in to the interface. The Terminal Server client is on the corporate side, connecting to a server on the test network side. Could you help me, please?

New Member

Re: Access Control Lists


One thing that you may have done is configuring the terminal server with a fixed port number Q187623 @

If not, it will use different numbers.

After that you need to create the access-list for this. If you still have problems, then you have the option to configure the last entry in the access-list like: access-list 100 deny ip any any log

Best regards

Soren Knudsen, CCNP

New Member

Re: Access Control Lists


Thank you for your reply. That was very helpful in a way that I found out the reason why the access list was blocking it. Apparently the server has a fixed port number by default (3389) and that was OK. The thing is that when the server replies to the client it uses a random port number, for which I don't yet know the actual range, but it is in the region of 1500-2000. So what really helped was the 'deny ip log' command. Now I have allowed that range and it is working.

Thank you very much.
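
An added example, not part of the thread and not Cisco's own configuration: the return-traffic rule for the setup described above, with the broad port-range permit shown beside a narrower one. In a Terminal Server session the client picks the high port and the server answers from TCP 3389, so on the test-facing interface the inbound packets carry source port 3389. The server address 192.0.2.10 and the interface name Ethernet0 are placeholders; ACL number 100 is taken from the reply above.

```cisco
! Constructed example. 192.0.2.10 stands in for the Terminal Server on the
! test network; Ethernet0 stands in for the interface facing the test network.
!
! Broad form, as described in the thread: any test-network host may send TCP
! to corporate-side ports 1500-2000, including brand-new connections.
! (Shown commented out for comparison.)
! access-list 100 permit tcp any any range 1500 2000
!
! Narrower form: only the server's replies from source port 3389, and only
! segments with ACK or RST set, so a new connection attempt does not match.
access-list 100 permit tcp host 192.0.2.10 eq 3389 any established
!
! ... the existing permits for DNS, FTP, SMTP, Telnet and ICMP stay here ...
!
! Final entry: log whatever still falls through, as suggested in the thread.
access-list 100 deny ip any any log
!
interface Ethernet0
 ip access-group 100 in
```

`show access-lists 100` shows the per-entry match counters, which confirms which line the Terminal Server replies are hitting. The `established` keyword only inspects TCP flags and does not track sessions, so it narrows the rule without making the ACL stateful.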


