I just installed a Cisco RV120W to replace a Netgear FVS318G firewall/router that kept disconnecting. I am not a network engineer (far from it) but I did have enough sense to copy the settings from the old firewall. We have a server that we access remotely, but I cannot get the remote access to work on the new Cisco router. I have created a custom RDP service as I saw on an existing post, but I cannot get to the server remotely (I do have a "TO" address on both forms below). Any suggestions?
In the IPv4 Firewall Rules Add / Edit Firewall Rule Configuration, I would look at the Actions section and change it from Always Block to Allow (as long as you have your To and From zones selected as being Trusted (LAN)). In the Add / Edit Port Forwarding Configuration section, choose the RDP service you created. Make sure you choose not to always block that one, either. Select appropriate source users because if you don't, you will be allowing anyone to RDP to the server.
I still cannot get the RDP working and I am sure it is a simple fix, but darned if I can figure it out. Here are the settings I have changed according to the way they were set up on the previous firewall.
Are your source IPs 192.168.1.x and your destination IP 12.x.x.x? If so, NAT will have to be implemented since 192.168.1.x are reserved for private IPs and private IPs cannot connect to "public" IPs without using NAT. I noticed the line in your configuration that read:
Send to Local Server (DNAT IP):
What device does this IP belong to? Are you currently utilizing NAT on this device?
Can you provide some sort of network topology that can assist in the troubleshooting? It will be helpful to know how the devices all interconnect and what IPs (edited, of course) they have.
We are using a T1 modem that connects to the Cisco RV120W. Attached to the Cisco router is a local hub and a server (IP: 192.168.1.40). We have two users that connect remotely to that server. The 12.aaa.aaa.aaa IP address is the external address that should forward to our server. I do not know what NAT is, but it is probably erroneously set up.
So the users that connect remotely to that server, are they located on the local hub? Can they successfully connect to the 192.168.1.40? By the way, you might want to think about replacing the hub with a little switch to eliminate collisions.
Okay, so the 12.aaa.aaa.aaa is trying to hit the 192.168.1.40, and it will be coming from the T1, correct?
NAT is Network Address Translation. What it does, for example, is take an "inside" address (something like your 192.168.1.x subnet) and allow it to be "converted" to an "outside" IP (something like your 12.aaa.aaa.aaa). It can also work in the reverse, too. If you are needing the 12.aaa.aaa.aaa to be able to hit the 192.168.1.40, then you may want to see if you can take that one 12.aaa.aaa.aaa address and NAT it to one of your available 192.168.1.x addresses.
If your problem is with your local users not being able to hit the server, then NAT won't be the fix for it. Essentially you would have to create a rule that says allow the two IPs that are supposed to hit the 1.40 server through the firewall only through port 3389 (RDP) and block all other attempts from those and any other users. Does that make sense?
The users that connect remotely are not on the local hub, they access the server through a remote desktop connection off premises. So it sounds like I need to set up a NAT that will link the local server's IP address (192.168.1.40) to the outside IP address 12.aaa.aaa.aaa. My computer is on the local hub and I can connect to the server on the local 192.168.x.x IP address, but if I try to get a remote desktop connection to the outside IP address 12.x.x.x I am unable to connect.
Where would I set up the NAP link?
BTW, thank you so much for putting up with my newbie questions.
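The inbound path discussed in this thread (public address, port 3389, DNAT to 192.168.1.40, with or without a source restriction) sketched as a simplified model. This is an added example, not part of any post above and not the RV120W's own logic; the `Forward` class, the function names, and the 203.0.113.10 and 198.51.100.0/24 addresses are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: 203.0.113.10 stands in for the router's public
# (12.aaa.aaa.aaa) address and 198.51.100.0/24 for the remote users' network.
WAN_IP = "203.0.113.10"
SERVER = "192.168.1.40"   # LAN server from the thread
RDP = 3389                # RDP port from the thread

@dataclass(frozen=True)
class Forward:            # hypothetical model of one port-forwarding entry
    wan_ip: str
    port: int
    lan_ip: str
    allowed_sources: tuple = ()   # CIDR strings; empty means any source

def evaluate(src, dst_ip, dst_port, forwards):
    """Decide what happens to a packet arriving on the WAN side.

    Returns ("ALLOW", translated LAN address) or ("BLOCK", None).
    """
    src_addr = ipaddress.ip_address(src)
    for f in forwards:
        if (dst_ip, dst_port) != (f.wan_ip, f.port):
            continue
        if f.allowed_sources and not any(
            src_addr in ipaddress.ip_network(net) for net in f.allowed_sources
        ):
            return ("BLOCK", None)      # matched the forward, wrong source
        return ("ALLOW", f.lan_ip)      # DNAT: destination rewritten to LAN IP
    return ("BLOCK", None)              # no forward configured: default deny

def audit(forwards):
    """List forwards that expose RDP to every source address."""
    return [f"{f.wan_ip}:{f.port} -> {f.lan_ip} accepts any source"
            for f in forwards if f.port == RDP and not f.allowed_sources]

open_rule = [Forward(WAN_IP, RDP, SERVER)]
restricted = [Forward(WAN_IP, RDP, SERVER, ("198.51.100.0/24",))]

if __name__ == "__main__":
    print(evaluate("198.51.100.7", WAN_IP, RDP, restricted))  # remote user
    print(evaluate("192.0.2.99", WAN_IP, RDP, restricted))    # stranger
    print(audit(open_rule))
```

A rule between two LAN zones never appears in this path, which is why the inbound forward and its source list are the settings that matter for off-premises users.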