
1841 with Advanced Security IOS - Firewall questions

Hi all,

I am setting up a new 1841 router for a customer. We have a few public IP addresses on one range, of which I use one for the Outside interface, and the others are mapped by static NAT to internal IP addresses on the router LAN.

This part works ok, but I can't figure out how to configure access lists or the firewall policy to allow additional traffic to access these static NAT hosts. I have tried putting the whole public subnet as the destination, the individual internet address as the destination and even the private LAN IP as the destination, but none of these methods allows the traffic to work

(e.g. opening 3389 for Terminal Services to any of those destinations from any host does not allow Terminal Services to work).

Can anyone please offer some advice on what I am doing wrong and how I might get this working properly?

Thanks


Re: 1841 with Advanced Security IOS - Firewall questions

An inbound ACL should be pointed to the public IP, and the ACL should be applied on the router's public interface.

e.g.

access-list 111 permit tcp any host <public-ip> eq 3389
int d0
 ip access-group 111 in

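An added example, not part of the original thread or from either poster: a fuller IOS configuration for the setup discussed above, showing the static NAT entry, the inbound ACL matching the public address, and CBAC inspection so that return traffic for LAN-initiated sessions still passes. All addresses (RFC 5737 documentation ranges), the interface names, the ACL name OUTSIDE-IN, the inspection name FW and the admin source range are assumptions.

```cisco
! Constructed values: 203.0.113.10 = public (inside global) address,
! 192.168.1.10 = LAN host, 198.51.100.0/24 = hypothetical admin source range.

! Static one-to-one NAT for the internal host
ip nat inside source static 192.168.1.10 203.0.113.10

! An inbound ACL on the outside interface is evaluated BEFORE NAT rewrites
! the destination, so it must match the public address.
ip access-list extended OUTSIDE-IN
 remark RDP to the static NAT host, limited to the admin range
 permit tcp 198.51.100.0 0.0.0.255 host 203.0.113.10 eq 3389
 remark An entry for the private address would never match here:
 remark   permit tcp any host 192.168.1.10 eq 3389
 deny   ip any any log

! CBAC inspection of outbound sessions opens return paths through
! OUTSIDE-IN, so the explicit deny does not break LAN-initiated traffic.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp

interface FastEthernet0/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

interface Dialer0
 description Outside
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect FW out

! Verification (exec mode):
!   show ip nat translations
!   show access-lists OUTSIDE-IN
```

The per-line hit counters in `show access-lists OUTSIDE-IN` show whether inbound packets reach the permit entry or fall through to the logged deny.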