
PAT and Firewall problem

btriad
Level 1

Hi.

I have SOHO96 ADSL/router. I want to allow Remote Desktop from the Internet to a specific computer, as well as VPN. I have no problem connecting using PAT and setting the ports (3389 for Remote Desktop for example). But that works only if the firewall is disabled. If I enable the firewall nothing works. Shouldn't the firewall allow all that is set in PAT to get into the network? Should I give some CLI commands to the firewall? Could you help me to do that?

1 Reply

jackko
Level 7

The firewall feature set, or I should say CBAC, works by inspecting outbound traffic usually. In other words, CBAC inspects the traffic originated from inside to outside and makes sure that the return traffic is permitted to get inside the network.

For any inbound access, an inbound ACL is required, such as permitting the RDP session from the Internet.

e.g.

access-list 111 permit tcp host host eq 3389

Further, for remote VPN, these protocols/ports need to be permitted:

udp 500

udp 4500

esp

As well as the remote private subnet, including the peer private network and the VPN client pool if configured.

e.g.

access-list 111 permit ip

access-list 111 permit ip
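The following is an added, worked configuration that puts the reply's pieces together; it is not from the original thread or from either poster. It assumes the ADSL uplink is a Dialer0 interface with a static public address of 203.0.113.10, that the RDP host is 192.168.1.10, and that Remote Desktop should only be reachable from one trusted administrative address, 198.51.100.25 (all three addresses are constructed placeholders from the documentation ranges). ACL number 111 is the one used in the reply.

```cisco
! --- Static PAT for Remote Desktop (3389 on the public address -> internal host) ---
ip nat inside source static tcp 192.168.1.10 3389 203.0.113.10 3389

! --- CBAC inspection rule: tracks sessions that start on the inside so the
!     return traffic is allowed back in through ACL 111 automatically ---
ip inspect name FW_OUT tcp
ip inspect name FW_OUT udp
ip inspect name FW_OUT icmp

! --- Inbound ACL on the outside interface. Because IOS evaluates the inbound
!     ACL before the outside-to-inside NAT translation, the destination for the
!     PAT'ed service is the PUBLIC address (203.0.113.10), not 192.168.1.10 ---
access-list 111 remark RDP only from the trusted admin address
access-list 111 permit tcp host 198.51.100.25 host 203.0.113.10 eq 3389
access-list 111 remark IPsec remote-access VPN terminating on the router
access-list 111 permit udp any host 203.0.113.10 eq isakmp
access-list 111 permit udp any host 203.0.113.10 eq non500-isakmp
access-list 111 permit esp any host 203.0.113.10
access-list 111 remark everything else is dropped and logged for review
access-list 111 deny ip any any log

! --- Outside interface: inspection outbound, ACL inbound ---
interface Dialer0
 ip nat outside
 ip inspect FW_OUT out
 ip access-group 111 in

! --- Inside interface ---
interface Vlan1
 ip nat inside
```

Two points worth checking after applying this: `show ip inspect sessions` should list the outbound connections CBAC is tracking, and `show access-lists 111` should show the hit counters on the permit lines climbing when an RDP or VPN connection is attempted. The `isakmp` and `non500-isakmp` keywords are IOS's names for UDP 500 and 4500. Restricting line one to a single source address (rather than `any`) is what keeps the exposed RDP port from being reachable by the whole Internet; if the admin address is not fixed, reaching the desktop over the VPN instead of exposing 3389 directly is the safer layout.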
