Cisco Support Community

PAT and Firewall problem

Hi.

I have a SOHO96 ADSL router. I want to allow Remote Desktop from the Internet to a specific computer, as well as VPN. I have no problem connecting using PAT and setting the ports (3389 for Remote Desktop, for example). But that works only if the firewall is disabled. If I enable the firewall, nothing works. Shouldn’t the firewall allow everything that is set in PAT to get into the network? Should I give some CLI commands to the firewall? Could you help me do that?

1 REPLY

Re: PAT and Firewall problem

Firewall feature set, or I should say CBAC, works by inspecting outbound traffic usually. In other words, CBAC inspects the traffic originated from inside to outside and makes sure that the return traffic is permitted to get inside the network.

For any inbound access, an inbound ACL is required, such as permitting the RDP session from the Internet.

e.g.

access-list 111 permit tcp host host eq 3389

Further, for remote VPN, these protocols/ports need to be permitted:

udp 500

udp 4500

esp

As well as the remote private subnet, including the peer private network and VPN client pool if configured.

e.g.

access-list 111 permit ip

access-list 111 permit ip

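The pieces described in the reply, put together as an added example (not part of the original thread and not the replier's configuration): a PAT port forward, CBAC inspection of outbound sessions, and an inbound ACL that admits RDP and the VPN protocols from one known remote host. All addresses, the interface names `Dialer1` and `Ethernet0`, and the inspection name `FW` are assumptions, and the VPN lines assume the router itself terminates the tunnel.

```cisco
! Constructed addresses (documentation ranges), not taken from the thread:
!   203.0.113.10   router's public address on Dialer1 (assumed interface)
!   198.51.100.25  the one remote host allowed to use RDP / the VPN peer
!   192.168.1.10   inside PC running Remote Desktop
!   192.168.1.0/24 inside LAN, 10.10.10.0/24 remote private subnet
!
! PAT entry: forward public tcp/3389 to the inside PC
ip nat inside source static tcp 192.168.1.10 3389 interface Dialer1 3389
!
! CBAC: inspect sessions leaving through the outside interface so that
! their return traffic is opened dynamically through ACL 111
ip inspect name FW tcp
ip inspect name FW udp
!
! Inbound ACL: sessions started from the Internet must be permitted here.
! The ACL is checked before NAT, so the destination is the public address.
! The source is limited to a single host, as in the reply's example.
access-list 111 permit tcp host 198.51.100.25 host 203.0.113.10 eq 3389
! IKE (udp 500), NAT-T (udp 4500) and ESP for the remote VPN
access-list 111 permit udp host 198.51.100.25 host 203.0.113.10 eq isakmp
access-list 111 permit udp host 198.51.100.25 host 203.0.113.10 eq non500-isakmp
access-list 111 permit esp host 198.51.100.25 host 203.0.113.10
! Remote private subnet reaching the inside LAN, as the reply notes
access-list 111 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
! Log everything else that is dropped
access-list 111 deny ip any any log
!
interface Dialer1
 ip nat outside
 ip access-group 111 in
 ip inspect FW out
!
interface Ethernet0
 ip nat inside
```

`show access-lists 111` shows per-entry hit counts, and `show ip inspect sessions` lists the outbound sessions CBAC is currently tracking.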