I've got a Pix 506e V6.3. I've got a customer that needs port 3389 opened so that he can remote desktop his server. He wants to be able to type in the static outside IP address and it automaticlly point to the inside IP of the server which is 192.168.1.200 on port 3389. I use the PDM software quit abit but I'm not to familiar with using the command line. Could you please let me know what entries in the order that I would need to enter them to get this working?
Unfortunately the Pix in question is in another town and I'm not scheduled to go out there until Friday. And that is when he wants it done. I do know though that they only have 1 static outside IP. The Pix is pretty much default out of the box except that VPN is setup on it. So the default config hasn't changed much. I hope that this is enough info. If not let me know. Thank you for your quick response.
Ofcourse you will still need to allow access on port TCP/3389 in your inbound ACL like this:
access-list INBOUND permit tcp any host X.X.X.X eq 3389
access-group in interface outside
You can replace the "any" in the ACL with a specific host (lets say it's your customer's home IP address).
2. If the public IP address is assigned to the outside interface of the PIX using DHCP by the ISP, you will need to use this IP address for everything. In this case you can use ststic PAT or what we call port redirection where you connect to the public IP over a speicific port and the PIX forwards this request to an internal host using the same port number like this:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :