Re: Port forwarding with multiple public IP addresses
Stephen,
You will use a number of items in the ISA to set this up.
1) For each RDP port, create a Service Object which is in the Networking section (i.e. RDP_3400...3401...3402...)
2) For each computer, create an Address Object which is in the Networking section (i.e. PC1...2...3...)
3) For the public IP you wish to use, create an Address Object which is in the Networking section (i.e. RDP_IP)
4) In the Firewall section, create one Advanced NAT rule for each PC. The Translated Source Address will be the RDP_IP. The Original Source Address will be the PC IP (i.e. PC1). The Original and Translated Destination Services will be the RDP port (i.e. RDP_3400). From is LAN and To is WAN. Everything else is Any.
5) Finally, in the Firewall section, create one ACL Rule for each PC. An example would be From WAN to LAN, Services RDP_3400, Source Any, Destination PC1, Match Action Permit.
A word of caution. If you're going to allow RDP access to internal PCs, it would be highly advisable to limit where those connections can be made from. If you can identify the source addresses that will be connecting, you can create Address Objects/Groups with those IPs and then add them to the Source section of your ACL Rule instead of using Any. Using Any means that I can port scan you, see the open port, try to connect, and then you're depending on Microsoft for security...which hasn't been shown to be a good practice. I hope this is helpful.
Sent from Cisco Technical Support iPhone App
Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
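The source restriction recommended in the post above, as an added example that is not part of the original reply and not ISA configuration syntax: a small audit over a constructed model of the ACL rules that flags inbound RDP permits still using Any and shows which source addresses each rule admits. The dictionary field names, the PC addresses, the ADMIN_SOURCES group and the implicit deny for unmatched WAN to LAN traffic are assumptions made for this example.

```python
import ipaddress

# Constructed model of the objects and ACL rules from the post; field names
# and addresses are assumptions for this example, not the ISA's own format.
ADDRESS_OBJECTS = {
    "PC1": ["192.168.75.11"],
    "PC2": ["192.168.75.12"],
    "ADMIN_SOURCES": ["198.51.100.0/28", "203.0.113.7"],  # hypothetical trusted sources
    "Any": ["0.0.0.0/0"],
}
SERVICE_OBJECTS = {"RDP_3400": 3400, "RDP_3401": 3401}

ACL_RULES = [
    {"from": "WAN", "to": "LAN", "service": "RDP_3400",
     "source": "Any", "destination": "PC1", "action": "Permit"},
    {"from": "WAN", "to": "LAN", "service": "RDP_3401",
     "source": "ADMIN_SOURCES", "destination": "PC2", "action": "Permit"},
]

def networks(name):
    """Expand an Address Object or Group name into IP networks."""
    return [ipaddress.ip_network(entry) for entry in ADDRESS_OBJECTS[name]]

def is_inbound_permit(rule):
    return rule["from"] == "WAN" and rule["to"] == "LAN" and rule["action"] == "Permit"

def open_to_any(rules):
    """Services of inbound permit rules whose source covers every address."""
    return [r["service"] for r in rules
            if is_inbound_permit(r)
            and any(n.prefixlen == 0 for n in networks(r["source"]))]

def permits(rules, src_ip, port):
    """True if an inbound permit rule matches this source IP and port.
    Unmatched traffic is treated as dropped (assumed implicit deny)."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if is_inbound_permit(r) and SERVICE_OBJECTS[r["service"]] == port:
            if any(ip in n for n in networks(r["source"])):
                return True
    return False

if __name__ == "__main__":
    print("Inbound rules open to Any:", open_to_any(ACL_RULES))
    # Constructed test connections: an unknown host and a trusted admin host.
    for src, port in [("192.0.2.50", 3400), ("192.0.2.50", 3401), ("198.51.100.5", 3401)]:
        print(src, port, "permitted" if permits(ACL_RULES, src, port) else "dropped")
```
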