Allowing ext user to access XP via Remote desktop

Status
Not open for further replies.
Dec 6, 2001
I am trying to make changes to the Cisco Pix Firewall to be able to access one specific Desktop with IP 172.20.x.x from outside.
I have enabled the Remote Desktop on the XP Pro PC and added the user name. I know that MS RD uses port 3389.
What changes do I need to make on the PIX to allow the forwarding of traffic to this PC? Any help will be greatly appreciated.

Thanks.

It wasn't me, it was someone that looks a lot like me . . . .
 
You need to insert an access-list statement that allows tcp port 3389 into your ACL that's applied to the outside interface. Then statically map that port traffic to the inside machine.

access-list ACLName permit tcp any host OutsideIP eq 3389

static (inside,outside) tcp OutsideIP 3389 172.20.x.x 3389 netmask 255.255.255.255 500 500

If your outside IP is 59.43.56.7, the inside IP is 172.20.1.6, and the access-list is named 100, then it would look like this:

access-list 100 permit tcp any host 59.43.56.7 eq 3389

static (inside,outside) tcp 59.43.56.7 3389 172.20.1.6 3389 netmask 255.255.255.255 500 500



Also, if you have available public IPs, you can statically map a whole address instead of using port redirection. If you want directions on that, let me know.

Roland


*****************

What's ADD again?
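
An added example, not part of the original posts: a small Python audit that reads PIX-style `access-list` and `static` lines like the ones above and reports port redirects that an ACL permits from `any` source, which is how the RDP rule in this answer is written. The sample config reuses the answer's example addresses; the SSH lines and 198.51.100.20 are constructed, and the script assumes the ACL is the one bound to the outside interface.

```python
import re

# Constructed sample: the answer's two example lines plus a source-restricted SSH pair.
SAMPLE_CONFIG = """\
access-list 100 permit tcp any host 59.43.56.7 eq 3389
access-list 100 permit tcp host 198.51.100.20 host 59.43.56.7 eq 22
static (inside,outside) tcp 59.43.56.7 3389 172.20.1.6 3389 netmask 255.255.255.255 500 500
static (inside,outside) tcp 59.43.56.7 22 172.20.1.7 22 netmask 255.255.255.255 500 500
"""

# permit tcp <source> host <outside ip> eq <port>
ACL_RE = re.compile(
    r"^access-list\s+\S+\s+permit\s+tcp\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+host\s+(?P<dst>\S+)\s+eq\s+(?P<port>\S+)")
# static (inside,outside) tcp <outside ip> <port> <inside ip> <port> ...
STATIC_RE = re.compile(
    r"^static\s+\(\w+,\w+\)\s+tcp\s+"
    r"(?P<global_ip>\S+)\s+(?P<global_port>\S+)\s+(?P<local_ip>\S+)\s+(?P<local_port>\S+)")

def find_open_forwards(config):
    """Return static port redirects whose outside IP/port is permitted from any source.

    Assumption: every access-list line belongs to the ACL applied to the
    outside interface; access-group bindings are not checked.
    """
    open_to_any = set()  # (outside_ip, port) pairs reachable from any address
    statics = []
    for line in config.splitlines():
        line = line.strip()
        acl = ACL_RE.match(line)
        if acl:
            src = " ".join(acl["src"].split())
            if src in ("any", "0.0.0.0 0.0.0.0"):  # both forms mean "any source"
                open_to_any.add((acl["dst"], acl["port"]))
            continue
        static = STATIC_RE.match(line)
        if static:
            statics.append(static.groupdict())
    return [
        {"outside": f'{s["global_ip"]}:{s["global_port"]}',
         "inside": f'{s["local_ip"]}:{s["local_port"]}'}
        for s in statics
        if (s["global_ip"], s["global_port"]) in open_to_any
    ]

if __name__ == "__main__":
    for hit in find_open_forwards(SAMPLE_CONFIG):
        print(f'{hit["outside"]} -> {hit["inside"]} is reachable from any source')
```

Only the 3389 redirect is reported; the SSH redirect is not, because its ACL line names a single source host.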
 
Roland,

I am in a very similar situation to Iknowit. I have someone who needs to access remote desktop on an inside machine from outside the firewall. What if the outside IP is not static?

Also, what if I had multiple users on the outside trying to access multiple remote desktops on the inside, and I don't want to use terminal services?

I would have them dial in through a VPN and gain network access that way, but all attempts to get them connectivity through a VPN have failed. I'm running out of options :p

Dan M
 