Cisco Support Community
New Member

Cannot open RDP session through P2P tunnel - with RDP port forward active

Hi,

I have a site-to-site VPN (Site A - 10.0.0.x, Site B - 192.168.0.x) active and also have the requirement of port forwarding TCP 3389 to a Terminal Services server from the outside.

I have the nat statement-

ip nat inside source static tcp 10.0.0.78 3389 interface dialer 0 3389

on side A and can now get in via the public (dialer 0) IP address straight to the server (10.0.0.78). I can also RDP to 10.0.0.78 from inside Site A, but cannot RDP from Site B to 10.0.0.78.

I can ping 10.0.0.78 from Site B and there is no firewall currently on the machine, but it does not work.

As soon as I remove the Static NAT statement, I can RDP straight in from Site B (through the tunnel) to 10.0.0.78

Is there a way to set this up so both Remote (internet) clients can RDP to the server AND tunnel clients?

*note Tunnel clients can get on ok via the public IP if static nat is present.

thanks in advance.

5 REPLIES
New Member

Re: Cannot open RDP session through P2P tunnel - with RDP port f

Not really possible as you will be translating the source address of anything from 10.0.0.78 tcp 3389 to the interface address of dialer 0.

The best way to do this is to have 2 IP addresses on the server...

Translate one for public access and have another that isn't translated for internal access.

Re: Cannot open RDP session through P2P tunnel - with RDP port f

ip nat inside source static tcp 1.1.1.1 80 2.2.2.2 80 route-map SSS

route-map SSS permit 10
 match ip address SSS

ip access-list ext SSS
 deny ip any remote-net
 permit ip any any

New Member

Re: Cannot open RDP session through P2P tunnel - with RDP port f

Thanks very much for both of your replies.

When using the "deny ip any remote-net" command, I'm assuming 'remote-net' is not a command but the IP range on the other side of the tunnel, i.e. 192.168.0.0 0.0.0.255?

Or the remote network's public IP address?

regards,

os4mike

Re: Cannot open RDP session through P2P tunnel - with RDP port f

Hi, Michael

The 'remote-net' is the IP range on the other side of the tunnel.

New Member

Re: Cannot open RDP session through P2P tunnel - with RDP port f

Thanks very much, this worked a treat!
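Added example, not part of the thread or any poster's configuration: a small Python model of why the unconditional static NAT broke RDP over the tunnel and why attaching the route-map ACL SSS fixes it. It assumes the IOS inside-to-outside order (NAT before the crypto ACL check), a /24 at Site A, a crypto ACL of "Site A to Site B", and a constructed placeholder (203.0.113.10) for the dialer 0 address.

```python
from ipaddress import ip_address, ip_network

SERVER = ip_address("10.0.0.78")       # terminal server, from the thread
PUBLIC = ip_address("203.0.113.10")    # constructed placeholder for the dialer 0 address
SITE_A = ip_network("10.0.0.0/24")     # Site A LAN (10.0.0.x, /24 assumed)
SITE_B = ip_network("192.168.0.0/24")  # 'remote-net', i.e. 192.168.0.0 0.0.0.255
ANY = ip_network("0.0.0.0/0")

# ACL SSS with 'remote-net' filled in: (action, source, destination)
ACL_SSS = [
    ("deny", ANY, SITE_B),    # deny ip any 192.168.0.0 0.0.0.255
    ("permit", ANY, ANY),     # permit ip any any
]

def acl_permits(acl, src, dst):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False

def reply_path(client, route_map_acl=None):
    """Follow the server's RDP reply (source 10.0.0.78:3389) towards client.

    route_map_acl=None models the original static NAT with no route-map.
    Returns (source address after NAT, "tunnel" or "internet").
    """
    dst = ip_address(client)
    src = SERVER
    # Step 1: static NAT. Without a route-map it always applies; with one,
    # it applies only when the route-map's ACL permits the flow.
    if route_map_acl is None or acl_permits(route_map_acl, src, dst):
        src = PUBLIC
    # Step 2: crypto ACL check on the (possibly translated) packet.
    # Only Site A -> Site B traffic is encrypted into the tunnel.
    in_tunnel = src in SITE_A and dst in SITE_B
    return str(src), "tunnel" if in_tunnel else "internet"

if __name__ == "__main__":
    for label, acl in (("static NAT only", None), ("with route-map SSS", ACL_SSS)):
        for client in ("192.168.0.20", "198.51.100.7"):  # constructed clients
            print(f"{label:20} reply to {client:13} -> {reply_path(client, acl)}")
```

With no route-map, the reply to a Site B client leaves with the public source address, no longer matches the crypto ACL, and never enters the tunnel; with SSS attached, only replies to Internet clients are translated.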
