Cisco Support Community
Community Member

Terminal Services

Trying to move a client over to the UC520 from a SonicWall and had a few problems today with it.

Customer states they are running terminal services. Their data company stated that this was from the SonicWall and we need to make these changes for items to work.

CAMERAS 8000 12000 TCP
CAMERAS1 8000 12000 UDP
SR Camera 7000 7000 UDP
SR Camera1 7000 7000 TCP
second RDP 4489 4489 TCP
RDP = 3389 TCP
Send E-Mail (SMTP) = 25 TCP

1 Through 16 is for their spam filtering at AppRiver

1   (WAN) (LAN) Send E-Mail (SMTP) Allow
2   (WAN) (LAN) Send E-Mail (SMTP) Allow
3   (WAN) (LAN) Send E-Mail (SMTP) Allow
4   (WAN) (LAN) Send E-Mail (SMTP) Allow
5   (WAN) (LAN) Send E-Mail (SMTP) Allow
6   (WAN) (LAN) Send E-Mail (SMTP) Allow
7   (WAN) (LAN) Send E-Mail (SMTP) Allow
8   (WAN) (LAN) Send E-Mail (SMTP) Allow
9   (WAN) (LAN) Send E-Mail (SMTP) Allow
10  (WAN) (LAN) Send E-Mail (SMTP) Allow
11  (WAN) (LAN) Send E-Mail (SMTP) Allow
12  (WAN) (LAN) Send E-Mail (SMTP) Allow
13  (WAN) (LAN) Send E-Mail (SMTP) Allow
14  (WAN) (LAN) Send E-Mail (SMTP) Allow
15  (WAN) (LAN) Send E-Mail (SMTP) Allow
16  - (WAN) (LAN) Send E-Mail (SMTP) Allow
17  LAN (LAN) HTTPS Management Allow
18  LAN (LAN) HTTP Management Allow
19  *(WAN) (LAN) second RDP Allow
20  *(WAN) (LAN) Retrieve E-Mail (POP3) Allow
21  *(WAN) (LAN) PC Anywhere Allow
22  *(WAN) (LAN) CAMERAS1 Allow
23  *(WAN) (LAN) Key Exchange (IKE) Allow
24  (LAN) * Key Exchange (IKE) Allow
25  *(WAN) (LAN) Web (HTTP) Allow
26  *(WAN) (LAN) Terminal Services Allow
27  *(WAN) (LAN) SR Camera Allow
28  *(WAN) (LAN) SR Camera1 Allow
29  *(WAN) (LAN) Any Allow

Any idea where we would make these changes? As I can see from the NAT tab in CCA, I can only select certain features, like web server, email server, etc.

Any thoughts or references would be greatly appreciated.


Community Member

Re: Terminal Services

Hi Joe,

This feature is currently not supported through CCA. You will need to use CLI for allowing the desired IP addresses to be excluded from firewall blocking. There is an access-list on the WAN interface, modify the access-list to allow these IP addresses.
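
A sketch of the CLI change the reply above describes, as an added example that is not part of the original thread or a Cisco-supplied configuration. ACL 105 and FastEthernet0/0 come from the thread; every value in angle brackets is a placeholder, and the sequence numbers, the narrowed RDP source range, and the inside port for the second RDP forward are assumptions.

```cisco
! Added example. Values in <angle brackets> are placeholders, not from the thread.
!
! 1. Inspect the current list first. ACL entries are matched top-down, so new
!    permits must sit above any existing deny that would match the same traffic.
!    (exec mode)  show access-lists 105
!
! 2. Insert permits by sequence number rather than appending with
!    "access-list 105 permit ...", which always lands at the end of the list.
!    Sequence numbers 5-8 are assumed to be unused.
ip access-list extended 105
 ! Inbound SMTP only from the spam-filtering provider's relay ranges
 ! (SonicWall rules 1-16); one line per range, repeat as needed.
 5 permit tcp <FILTER_NET_1> <FILTER_WILDCARD_1> any eq smtp
 6 permit tcp <FILTER_NET_2> <FILTER_WILDCARD_2> any eq smtp
 ! Terminal Services and the second RDP port. The SonicWall rules allowed any
 ! WAN source; limiting the source to known remote networks is an assumption
 ! made here to keep RDP off the open Internet.
 7 permit tcp <REMOTE_NET> <REMOTE_WILDCARD> any eq 3389
 8 permit tcp <REMOTE_NET> <REMOTE_WILDCARD> any eq 4489
!
! 3. Static port forwards from the WAN interface address to the inside hosts.
!    These only take effect when the WAN interface carries "ip nat outside"
!    and the LAN-side interface carries "ip nat inside".
ip nat inside source static tcp <MAIL_SERVER_IP> 25 interface FastEthernet0/0 25
ip nat inside source static tcp <TS_SERVER_IP> 3389 interface FastEthernet0/0 3389
! Inside port 4489 is assumed; use 3389 if the second server listens there.
ip nat inside source static tcp <SECOND_TS_SERVER_IP> 4489 interface FastEthernet0/0 4489
!
! 4. Verify after a test connection:
!    (exec mode)  show ip nat translations
!    (exec mode)  show access-lists 105     <- hit counters on the new lines
```

Rule 29 in the SonicWall list (any WAN source to any LAN destination) is deliberately not carried over, since it would make every other entry in the list irrelevant.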


Community Member

Re: Terminal Services

Two things:

Interface FastEthernet 0/0 states below: ip access-group 105 in. Would I then be adding a CLI command of access-list 105 permit ip (and list each IP for spam filtering)?

Second, I am trying to add, through the NAT tab in CCA, an "other TCP" entry for inside and outside port 3389 for terminal services.

I get this error when hitting apply.

How can I add the internal and outside ports for the few settings above via CLI, or what can I do about the error?

Re: Terminal Services

Have you made changes via CLI already?  That could be a problem.

If not, could you post your cca logs and a config?  Remember to remove the passwords.

Community Member

Re: Terminal Services

Sort of, but who knows now. I am uploading the last running good config. I have made some changes in per CCA, NAT is not enabled on any interface.

The config here allowed us on the Internet but could not run terminal services via port 3389 to 192.168.11 and no email was coming through.

I think I have to do a reload to get this config back up.

Community Member

Re: Terminal Services

We got it.
