Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Allowing port 3389

I want to allow RDP to a Windows server thru a PIX.

I've typed the following but it still doesn't work:

static (inside,outside) tcp 66.77.88.1 3389 192.168.1.100 3389

access-list allow_rdp permit tcp any host 66.77.88.1 eq 3389

access-group allow_rdp in interface outside

clear xlate

It accepts the commands but doesn't allow me to connect thru RDP.

Questions:

1). Is this port supported?

2). Is the syntax correct?

3). What command can I use to see what's happening at the PIX (what debug command)?

Thanks,

Tom

  • Other Security Subjects
3 REPLIES
Gold

Re: Allowing port 3389

Tom,

Your command syntax is OK, port 3389 is supported for RDP. My question to you is, do you see any 'hit counts' for port 3389 on your outside ACL? The reason for asking is so that we can eliminate any internet routing issues.

Can you try to telnet from the outside to your public IP on port 3389 - does it connect??

Is your Win server running terminal service?

Let me know the answers to the questions above and we can look at this further, also it would be good to see your pix config (if you do post it here please take out any sensitive info).

Thanks,

Jay

Gold

Re: Allowing port 3389

"sh xlate | in 192.168.1.100" to verify the static statement, and you should see

Global 66.77.88.1 (3389) Local 192.168.1.100 (3389)

another thing to verify is whether the terminal service is running on .100 as expected. please verify by establishing a rdp connection locally from a pc with ip 192.168.1.x.

New Member

Re: Allowing port 3389

Sorry for the delay.

I corrected the issue. I forgot to enable RDP on the server (doh!).

Thanks for the replies.

Tom

116
Views
0
Helpful
3
Replies
This widget could not be displayed.