Problem accessing port 3389 for RDC

info · ‎10-17-2006

I want to connect from the ouside to one PC in my VLAN3. The target PC is 192.168.3.175.

Here is details on my access-list 103:

Extended IP access list 103

10 permit udp any any eq bootps

20 permit udp any any eq bootpc

30 permit udp any eq bootps any

40 permit udp any eq bootpc any

50 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255 (48 matches)

60 permit ip 192.168.3.0 0.0.0.255 host 192.168.2.175

70 permit tcp any host 192.168.3.175 eq 3389

80 permit tcp any 192.168.3.0 0.0.0.255 eq 5900

90 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255

100 permit ip any any (85 matches)

110 permit tcp any any eq 3389

120 permit tcp any any eq 5900

Here is my ip nat inside:

ip nat inside source static tcp 192.168.3.175 3389 interface Vlan1 3389

Without the IP nat inside command, Remote Desktop Connection tell "unreachable" within 2 seconds. When I enter IP nat command again, it take 30 seconds to tell me it's unreachable.

No firewall in the PC and the connection is working from another PC in the lan.

Any ideas?

Thanks.

Collin Clark · ‎10-17-2006

Do you have ip nat inside and outside on the correct interfaces?

globalnettech · ‎10-18-2006

Hello,

try and add the keyword 'extendable' to your NAT statement, and see if that makes a difference:

ip nat inside source static tcp 192.168.3.175 3389 interface Vlan1 3389 extendable

Regards,

GNT

info · ‎10-18-2006

I'm not familiar with the ip nat outside...

Error is reported when I add "extendable" (^ on the e).

I'll attach my show run with this post. Note that the PC is located at 192.168.3.175 (member of vlan3 that is using access-list 103). I also tried to add port 5900 (for realVNC test) and it's not working either.

The outside IP is a static one: 207.253.66.210.

Thank you so much; I can't find anything.