global (outside) 3 outsideIPaddress netmask 255.255.255.255
conduit permit tcp host outsideIPaddress eq 3389 any
conduit permit tcp host outsideIPaddress eq www any
For outsideIPaddress put in the actual outside IP address. The first is to allow a global address recognizable by the outside world, the second is to allow TS traffic, the third is in case you are using TSWEB. the only other note is this: If you decide to change the default TS port for security change it here as well from 3389 to the new port.
We have another entry for the internal IP address of the TS server, but I think it is surplus to requirements.
MS Terminal Services runs over TCP Port 3389. Obviously this well known so any security conscience individual would not want to open that port on their Firewall. Luckily you can adjust the port the client (regular RDP5 and the Web client) uses.
But as for the PIX itself... assuming you have an outside IP that is not being used for anything else right now. All you have to do (works on my 2 PIX 506's and 520) is add - -
access-list (name of inbound access-list) permit tcp any host (unless you need to specify a specific host or hosts) 10.10.10.10 (outside IP) eq 3389 (or other port like 56566 or sumsuch in the high unused area)
access-list inbound permit tcp any host 10.10.10.10 eq 56566
and then you need to add a static... assuming you want to access just one specific machine....
static tcp 10.10.10.10 56566 192.168.1.2 3389
If you just want to do it without changing ports just leave that 56566 as 3389 and you set.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :