New Member

how to allow remote desktop from outside to inside?

Dear all,

I have a Cisco 2821 router and a 3560G switch.

The 2821 has the internet connection and connects to the 3560G switch.

On the 3560G switch, 2 VLANs are created (one for servers and the other for clients).

On the 2821:

Gi0/0: 203189.12.10

Gi0/1: 10.10.101

On the 3560G switch:

G0/1: 10.10.10.2, connected to the 2821 router.

Vlan: 20.20.20.1 (server VLAN)

Vlan: 30.30.30.1 (client VLAN)

So I would like to allow remote desktop, SMTP and POP3 from outside to inside (20.20.20.10).

1- How can we configure this on the router?

2- What about the 3560G switch: do we just do routing only, or do we need to add ip nat .......?

Best Regards,

Rechard

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: how to allow remote desktop from outside to inside?

Hello,

I am assuming that you have not configured CBAC or ZBF on the router. With that assumption, I would suggest that you configure access-lists that allow return traffic from the internet to your internal hosts (if they are browsing via the router). Also, the access-list is slightly off in that the source port will not be SMTP or POP3 when you are accessing the servers.

! <public-ip> is a placeholder for the router's outside address
ip nat inside source static tcp 20.20.20.10 25 interface f0/0 25 extendable
ip nat inside source static tcp 20.20.20.10 110 interface f0/0 110 extendable
access-list 103 permit tcp any host <public-ip> eq smtp
access-list 103 permit tcp any host <public-ip> eq pop3
access-list 103 permit tcp any any ack
access-list 103 deny tcp any any syn
access-list 103 permit ip any any

With this, all the return traffic will be allowed (even though this allows UDP/ICMP seamlessly, you can restrict them also if you like) without any issues. Hope this helps.

Regards,

NT
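
An added example (not code from the thread or from Cisco): a small first-match evaluator that runs constructed packets through the source-port form of ACL 103 asked about in this thread and through the form in the answer above. SERVER, the sample packets and all function names are assumptions made for illustration, and the model covers only the fields these entries use.

```python
SERVER = "192.0.2.10"   # constructed placeholder for the address the ACL protects

def rule(action, proto, dst="any", sport=None, dport=None, flag=None):
    return dict(action=action, proto=proto, dst=dst, sport=sport, dport=dport, flag=flag)

def pkt(proto, dst=SERVER, sport=0, dport=0, flags=()):
    return dict(proto=proto, dst=dst, sport=sport, dport=dport, flags=set(flags))

def matches(r, p):
    return (r["proto"] in ("ip", p["proto"])          # "ip" covers every protocol
            and r["dst"] in ("any", p["dst"])
            and r["sport"] in (None, p["sport"])      # None means any port
            and r["dport"] in (None, p["dport"])
            and (r["flag"] is None or r["flag"] in p["flags"]))

def evaluate(acl, p):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    return next((r["action"] for r in acl if matches(r, p)), "deny")

# Source-port form asked about in the thread: ports 25/110 required on both ends.
ASKED = [rule("permit", "tcp", SERVER, sport=25, dport=25),
         rule("permit", "tcp", SERVER, sport=110, dport=110)]

# Form in the answer: destination port only, then the ack / syn / permit ip entries.
ANSWER = [rule("permit", "tcp", SERVER, dport=25),
          rule("permit", "tcp", SERVER, dport=110),
          rule("permit", "tcp", flag="ack"),
          rule("deny", "tcp", flag="syn"),
          rule("permit", "ip")]

# Constructed packets as they would arrive inbound on the outside interface.
SAMPLES = {
    "new SMTP connection": pkt("tcp", sport=51514, dport=25, flags=["syn"]),
    "new RDP connection": pkt("tcp", sport=51515, dport=3389, flags=["syn"]),
    "reply to inside client": pkt("tcp", "192.0.2.77", 443, 40000, ["syn", "ack"]),
    "ACK with no session": pkt("tcp", sport=51516, dport=3389, flags=["ack"]),
    "UDP datagram": pkt("udp", sport=40001, dport=53),
}

def results(acl):
    return {name: evaluate(acl, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    asked, answer = results(ASKED), results(ANSWER)
    for name in SAMPLES:
        print(f"{name:24} asked={asked[name]:7} answer={answer[name]}")
```

The source-port form denies a real SMTP client because its source port is ephemeral, while the answer's list permits SMTP but still denies a new RDP connection, since no entry names port 3389. The ack entry is stateless, so it passes any TCP segment with ACK set, and the final permit ip passes UDP.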

4 REPLIES

Re: how to allow remote desktop from outside to inside?

Hi Rechard,

NAT the server (20.20.20.10) on the router to a public IP, with the RDP, SMTP and POP3 ports open.

Hope to help !!

Ganesh.H

Remember to rate the helpful post

New Member

Re: how to allow remote desktop from outside to inside?

Dear Ganesh.H,

Should it be like this?

ip nat inside source static tcp 20.20.20.10 interface f0/0 25 extendable

ip nat inside source static tcp 20.20.20.10 interface f0/0 110 extendable

access-list 103 permit tcp any eq smtp host 20.20.20.10 eq smtp
access-list 103 permit tcp any eq pop3 host 20.20.20.10 eq pop3

Best Regards,

Rechard

Re: how to allow remote desktop from outside to inside?

Hi Rechard,

The following configuration will be done for users to access the local LAN server on the SMTP/POP3 ports. As it will be from the internet, that means anybody can connect to your server, so I don't think an ACL is required.

! 172.16.131.1 is the public IP
ip nat inside source static 20.20.20.10 172.16.131.1
!
interface e 0
 ip address 20.20.20.254 255.255.255.0
 ip nat inside
!
interface s 0
 ip address 172.16.130.2 255.255.255.0
 ip nat outside

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

Hope to help !!

Ganesh.H

Remember to rate the helpful post
