Hi guys,
I have a Windows 2000 webserver running the Terminal Server Advanced Client but I can't seem to establish a Terminal Server connection through the website.
Therefore, I'm trying to create a static route for our Terminal Server which is located behind a Cisco 2621 Router using NAT. The router is also connected to a remote 2600 router using a VPN tunnel. Whenever I try to create the static route for the Terminal Server (tcp 3389) it disconnects VPN users at the remote office from the Terminal Server and doesn't allow them to connect at all. There is obviously a problem with the waying I'm routing things but being a novice Cisco user I'm not sure what it is. Can someone have a look at this configuration and offer some suggestions? Thanks for your help.
Firewall Settings:
access-list 101 permit icmp any any
access-list 101 permit udp any eq isakmp any eq isakmp
access-list 101 permit udp host y.y.y.y any
access-list 101 permit tcp any host x.x.x.x eq www
access-list 101 permit tcp any host x.x.x.x eq 443
access-list 101 permit tcp any host x.x.x.x eq 3389
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 10.2.3.0 0.0.0.255 10.2.1.0 0.0.0.255
Routing:
ip nat inside source route-map nonat interface FastEthernet0/1 overload
ip nat inside source static tcp 10.2.1.27 80 x.x.x.x 80 extendable
ip nat inside source static tcp 10.2.1.27 443 x.x.x.x 443 extendable
ip nat inside source static tcp 10.2.1.27 3389 x.x.x.x 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 z.z.z.z permanent
If you need to see more of my configuration just let me know.
Niall
I have a Windows 2000 webserver running the Terminal Server Advanced Client but I can't seem to establish a Terminal Server connection through the website.
Therefore, I'm trying to create a static route for our Terminal Server which is located behind a Cisco 2621 Router using NAT. The router is also connected to a remote 2600 router using a VPN tunnel. Whenever I try to create the static route for the Terminal Server (tcp 3389) it disconnects VPN users at the remote office from the Terminal Server and doesn't allow them to connect at all. There is obviously a problem with the waying I'm routing things but being a novice Cisco user I'm not sure what it is. Can someone have a look at this configuration and offer some suggestions? Thanks for your help.
Firewall Settings:
access-list 101 permit icmp any any
access-list 101 permit udp any eq isakmp any eq isakmp
access-list 101 permit udp host y.y.y.y any
access-list 101 permit tcp any host x.x.x.x eq www
access-list 101 permit tcp any host x.x.x.x eq 443
access-list 101 permit tcp any host x.x.x.x eq 3389
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 10.2.3.0 0.0.0.255 10.2.1.0 0.0.0.255
Routing:
ip nat inside source route-map nonat interface FastEthernet0/1 overload
ip nat inside source static tcp 10.2.1.27 80 x.x.x.x 80 extendable
ip nat inside source static tcp 10.2.1.27 443 x.x.x.x 443 extendable
ip nat inside source static tcp 10.2.1.27 3389 x.x.x.x 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 z.z.z.z permanent
If you need to see more of my configuration just let me know.
Niall
