09-12-2003 05:14 AM - edited 02-20-2020 10:59 PM
I have an internet user that is trying to connect to a server using RDP in Windows XP. The server that is trying to be reached is on the internal network, but has a static mapping from the external network (internet). I have opened up TCP port 3389 on the firewall going to that server. The internet user is still unable to make the RDP connection.
I have tested the RDP connection internally.
Is there something that I am missing?
The static map is as follows:
*** access-list outside_access_in permit tcp any host xxx.xxx.xxx.114 eq 3389 ***
* IP addresses have been changed to protect the innocent :) *
TIA,
Noah
09-12-2003 05:37 AM
There are several things to try ...
1st do a 'clear arp' and 'clear xlate'
-check your access-group
-check the access-list counters to see if the counters are increasing when the user tries to connect
-you showed the access-list entry but you did not send the static entry, can you post that also.
09-12-2003 05:54 AM
Noah,
The other post from 'dhouser' suggests some good points to look at. Also, where have you placed the above ACL: is it applied on the inside interface with access-group inside, or on the outside interface with access-group outside? If your user on the internet needs to come back in to your inside network then you'll require a static command and an ACL to accomplish your task. Can you post your PIX config (remember to change passwords/inside IPs)? Thanks.
Jay
09-12-2003 08:03 AM
OOOps, sorry bout that. Here is the config on the firewall that pertains to this particular connection:
*********************************************
name 10.xxx.xxx.1 SWGSA
--
access-list outside_access_in permit tcp any host 68.xxx.xxx.114
--
pdm location SWGSA 255.255.255.255 inside
--
static (inside,outside) 68.xxx.xxx.114 SWGSA netmask 255.255.255.255 0 0
--
access-group outside_access_in in interface outside
*********************************************
BTW, thanks for the responses that I have received so far...
Noah
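An added example (not part of the thread and not Cisco tooling): a Python check of the three pieces the replies ask about, the static, the ACL entry and the access-group, run over a constructed copy of the posted excerpt. The helper name `audit`, the placeholder addresses 192.0.2.114 and 10.0.0.1, and the restriction to simple `permit tcp any host <ip> [eq <port>]` entries are assumptions of this example.

```python
import re

# Constructed sample mirroring the excerpt posted above. 192.0.2.114 and
# 10.0.0.1 are placeholder addresses standing in for the masked ones.
SAMPLE = """\
name 10.0.0.1 SWGSA
access-list outside_access_in permit tcp any host 192.0.2.114
static (inside,outside) 192.0.2.114 SWGSA netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

def audit(config, outside_ip, port, iface="outside"):
    """Return findings for inbound TCP `port` to `outside_ip` (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # 1. A static must map the outside address to an inside host.
    static_re = re.compile(rf"static \(\w+,{iface}\) {re.escape(outside_ip)} \S+")
    if not any(static_re.match(l) for l in lines):
        findings.append(f"no static translation for {outside_ip}")
    # 2. An access-group must bind an ACL inbound on the outside interface.
    group_re = re.compile(rf"access-group (\S+) in interface {iface}$")
    bound = {m.group(1) for l in lines if (m := group_re.match(l))}
    if not bound:
        findings.append(f"no access-group applied inbound on {iface}")
        return findings
    # 3. The bound ACL must permit the port; an entry without "eq" permits all.
    acl_re = re.compile(r"access-list (\S+) permit tcp any host (\S+)(?: eq (\S+))?$")
    permitted = False
    for l in lines:
        m = acl_re.match(l)
        if not m or m.group(1) not in bound or m.group(2) != outside_ip:
            continue
        if m.group(3) is None:
            permitted = True
            findings.append(f"{m.group(1)} permits every TCP port to {outside_ip}")
        elif m.group(3) == str(port):
            permitted = True
    if not permitted:
        findings.append(f"no bound ACL entry permits tcp/{port} to {outside_ip}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.0.2.114", 3389) or ["no findings"]:
        print(finding)
```

On the constructed sample it reports that the ACL entry carries no `eq 3389` qualifier, so every TCP port on the translated host is reachable from outside, not only RDP.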
09-15-2003 02:09 AM
Hi,
I would start by looking in your log files? If it's the firewall dropping the request you would see a DENY entry with source/destination addresses.
Secondly, is your Windows machine configured with a route to the firewall?
Hope this helps.
Regards
Steven
09-24-2003 07:23 AM
***********************************************
I would start by looking in your log files?
If it's the firewall dropping the request you
would see a DENY entry with source/destination
addresses.
***********************************************
Log files, great idea...pretend I'm a n00b and
have no experience with a PIX 515 and give me
a hint as to where to look for the log files..:)
***********************************************
Secondly is your Windows machine configured
with a route to the firewall?
***********************************************
Are you referring to a permanent route to the
external address of the firewall or the IP
address of the external IP address of the
server they are trying to connect to?
Thanks for the advice and comments..I really appreciate the help I am getting here.
Noah