Cisco Support Community

New Member

PAT workstations out, RDP in to server, single public IP

Sorry if this has been answered, but I can't find the solution.

I have a single static public IP on the outside interface. There are 10 workstations and a server on the inside.

I need to PAT the workstations to the Internet for web/mail/etc. I also need to RDP in from the outside to the server.

Can this be done and what does the config look like? For example, use:

outside (single public IP): 66.0.0.100

inside: 192.168.0.1

server: 192.168.0.10

workstations: 192.168.0.20 - 30

Thanks in advance.

4 REPLIES
New Member

Re: PAT workstations out, RDP in to server, single public IP

You have to put an ACL on outside_in for RDP.

New Member

Re: PAT workstations out, RDP in to server, single public IP

Hi David

To permit RDP traffic to the inside network, create a static entry to the outside interface IP and modify the access-list on the outside interface as follows:

static (inside,outside) tcp interface 3389 192.168.0.10 3389 netmask 255.255.255.255

access-list ACL-Applied-to-Outside permit tcp any host 66.0.0.100 eq 3389

To permit hosts to go to the Internet:

global (outside) 1 interface

nat (inside) 1 192.168.0.0 255.255.255.0

If you need only specific hosts to go out to the Internet, use an access-list with NAT, and if there are different IPs from different ranges which you cannot subnet properly, then use object-groups with the ACL. It will be easier to manage if hosts are added or deleted later on.

Hope this helps.

New Member

Re: PAT workstations out, RDP in to server, single public IP

Thanks, that makes it much easier to follow. One question though. Does the ACL you show need to be applied to the outside interface?

access-group ACL-Applied-to-Outside in interface outside

Gold

Re: PAT workstations out, RDP in to server, single public IP

access-list ACL-Applied-to-Outside permit tcp any host 66.0.0.100 eq 3389

access-group ACL-Applied-to-Outside in interface outside

Alternatively, the keyword "interface outside" can be applied to the ACL instead of the IP address.

e.g.

access-list ACL-Applied-to-Outside permit tcp any interface outside eq 3389
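Added example, not part of any reply in this thread: a small Python check that the three pieces discussed above (the static port forward, the ACL permit, and the access-group binding) line up in a pre-8.3 style config, and that reports when the permit is open to any source. The function name `audit` and the joined sample config are this example's own constructions.

```python
import re

# Constructed sample: the lines posted in this thread, joined into one config.
THREAD_CONFIG = """\
static (inside,outside) tcp interface 3389 192.168.0.10 3389 netmask 255.255.255.255
access-list ACL-Applied-to-Outside permit tcp any host 66.0.0.100 eq 3389
access-group ACL-Applied-to-Outside in interface outside
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0
"""

STATIC = re.compile(r"^static \(inside,outside\) tcp interface (\S+) (\S+) \S+")
ACL = re.compile(r"^access-list (\S+) (?:extended )?permit tcp "
                 r"(any|host \S+|\S+ \S+) (host \S+|interface \S+|any) eq (\S+)$")
GROUP = re.compile(r"^access-group (\S+) in interface outside$")


def audit(config, outside_ip):
    """Return one finding per TCP port forward that is unreachable or wide open."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    forwards = [m.groups() for l in lines if (m := STATIC.match(l))]
    acls = [m.groups() for l in lines if (m := ACL.match(l))]
    bound = next((m.group(1) for l in lines if (m := GROUP.match(l))), None)
    # Destinations that cover the translated (public) address of the forward.
    covers = {f"host {outside_ip}", "interface outside", "any"}
    findings = []
    for port, server in forwards:
        label = f"tcp/{port} -> {server}"
        if bound is None:
            findings.append(f"{label}: no access-group inbound on outside, forward unreachable")
            continue
        sources = [src for name, src, dst, p in acls
                   if name == bound and dst in covers and p == port]
        if not sources:
            findings.append(f"{label}: ACL {bound} has no permit for this port")
        elif "any" in sources:
            findings.append(f"{label}: ACL {bound} permits any source address")
    return findings


if __name__ == "__main__":
    for finding in audit(THREAD_CONFIG, "66.0.0.100"):
        print(finding)
```

Run against the thread's config, it reports only that the RDP permit accepts any source; removing the access-group line changes the finding to an unreachable forward.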
