Cisco Support Community
New Member

Port forwarding 3389

I've got a Pix 506e V6.3. I've got a customer that needs port 3389 opened so that he can remote desktop his server. He wants to be able to type in the static outside IP address and have it automatically point to the inside IP of the server, which is on port 3389. I use the PDM software quite a bit but I'm not too familiar with using the command line. Could you please let me know what entries I would need to enter, and in what order, to get this working?


New Member

Re: Port forwarding 3389

You should post the config to get the best answer. If you have multiple external IP addresses, you would do it one way; if you only have 1 external IP, you would do it another.

New Member

Re: Port forwarding 3389

Unfortunately the Pix in question is in another town and I'm not scheduled to go out there until Friday. And that is when he wants it done. I do know though that they only have 1 static outside IP. The Pix is pretty much default out of the box except that VPN is set up on it. So the default config hasn't changed much. I hope that this is enough info. If not, let me know. Thank you for your quick response.

New Member

Re: Port forwarding 3389


I will assume some settings and will try to help you out here, hope you find it helpful:

1. If you have multiple IP addresses (or a subnet) routed to your PIX from your ISP, you can use one of the IP addresses and statically NAT it using the following command:

static (inside,outside) X.X.X.X <inside-server-IP> netmask <mask>

Of course you will still need to allow access on port TCP/3389 in your inbound ACL like this:

access-list INBOUND permit tcp any host X.X.X.X eq 3389

access-group INBOUND in interface outside

You can replace the "any" in the ACL with a specific host (let's say it's your customer's home IP address).

2. If the public IP address is assigned to the outside interface of the PIX using DHCP by the ISP, you will need to use this IP address for everything. In this case you can use static PAT, or what we call port redirection, where you connect to the public IP over a specific port and the PIX forwards this request to an internal host using the same port number, like this:

static (inside,outside) tcp interface 3389 <inside-server-IP> 3389 netmask <mask>

With the same ACL of course.

This is all I can say with the information that you have provided, hope you can make use of it.

Good Luck.
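
An added example, not part of the thread and not Cisco tooling: a small Python check that reads PIX 6.3-style ACL lines and reports entries bound inbound on the outside interface that permit TCP/3389 from `any`, the case the answer above suggests narrowing to a specific host. The sample config and its documentation-range IP addresses are constructed, and the function names are hypothetical.

```python
import re

RDP_PORT = 3389

# Constructed sample config (documentation-range IPs), not taken from the thread.
SAMPLE = """\
access-list INBOUND permit tcp any host 203.0.113.10 eq 3389
access-list INBOUND permit tcp host 198.51.100.25 host 203.0.113.10 eq 3389
access-list INBOUND permit tcp any host 203.0.113.10 eq 25
access-list INBOUND permit tcp any host 203.0.113.10 range 3000 4000
access-list UNUSED permit tcp any host 203.0.113.10 eq 3389
access-group INBOUND in interface outside
"""

def _take_addr(tok):
    """Consume one address spec: 'any', 'host IP' or 'IP MASK'."""
    if tok[:1] == ["any"]:
        return "any", tok[1:]
    if tok[:1] == ["host"]:
        return " ".join(tok[1:2]), tok[2:]
    return " ".join(tok[:2]), tok[2:]

def _covers_rdp(ports):
    """True if the destination-port clause includes TCP/3389."""
    if not ports:                      # no port clause: every port is permitted
        return True
    op, args = ports[0], ports[1:3]
    if op == "eq":
        return args[:1] == [str(RDP_PORT)]
    if op == "range" and len(args) == 2 and all(a.isdigit() for a in args):
        return int(args[0]) <= RDP_PORT <= int(args[1])
    return False                       # lt/gt/neq and named ports are not evaluated

def audit_rdp_exposure(config_text):
    """Return permit lines, in ACLs applied inbound on 'outside', open to any source."""
    bound = set(re.findall(r"^access-group (\S+) in interface outside\s*$",
                           config_text, re.M))
    findings = []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[1] not in bound:
            continue
        if tok[2] != "permit" or tok[3] not in ("tcp", "ip"):
            continue
        src, rest = _take_addr(tok[4:])    # source-port operators are not handled
        _dst, ports = _take_addr(rest)
        if src == "any" and _covers_rdp(ports):
            findings.append(line.strip())
    return findings

if __name__ == "__main__":
    print("\n".join(audit_rdp_exposure(SAMPLE)))
```

Entries in an ACL that is not applied with `access-group ... in interface outside` are ignored, since they do not filter inbound traffic on that interface.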

