Forward RDP to 2 different internal IP's

#1 laytoncy, 9th March 2012, 07:06

Right now the ASA 5505 is set up to let through 3389/RDP to 192.168.1.4. I'm going to set up another computer to be a terminal server of sorts and would like to be able to use RDP to connect to this machine as well. Can this be accomplished by adding a new network object with the IP of the terminal server machine and by adding a new static NAT with PAT to forward 3389 to the port of my choosing on the terminal server? I'm doing this all via the ASDM. I'm not familiar with the console. Any help is greatly appreciated.

#2 L4ndy (Moderator), 9th March 2012, 16:21

I would recommend against publishing a TS server directly through the ASA box or as a minimum restrict it to a specific External IP address and also use port translation.
Although outside the scope of your question, there are more secure ways to publish RDS/TS servers though.
__________________
Caesar's cipher - 3

ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

SFX JNRS FC U6 MNGR

#3 auglan (Moderator), 9th March 2012, 17:46

Yep you can do that.

You would need an ACL on the outside interface permitting tcp on 3389. If it is an ASA pre-8.3 then you use the public address in the ACL; if it is 8.3 or newer you use the private IP address in your ACL. Then you just need a static port translation to the chosen port.

Do you have multiple public ip's or just one? If just one you would need to change the port coming inbound for RDP for the new server and then translate the private ip to the requested port. If you keep both ports at 3389 coming inbound there is no way the ASA can figure out what nat rule to use and forward it properly.


access-list OUTSIDE_IN extended permit tcp any host x.x.x.x eq 3389
access-list OUTSIDE_IN extended permit tcp any host x.x.x.x eq 3390

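! Outside port 3390 forwarded to the second server's default RDP port
static (inside,outside) tcp interface 3389 192.168.1.4 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3390 192.168.1.5 3389 netmask 255.255.255.255

or

! Second server itself listening on 3390
static (inside,outside) tcp interface 3389 192.168.1.4 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3390 192.168.1.5 3390 netmask 255.255.255.255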


These nats are pre 8.3 code.

Last edited by auglan; 9th March 2012 at 17:56..
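
Added example, not part of any post in this thread: a Python check over a pre-8.3 ASA config that flags static PAT entries whose inbound port is permitted from `any` (the exposure L4ndy advises against) or that reuse an outside port already forwarded (the ambiguity auglan describes). The sample config and the addresses 198.51.100.7 and 203.0.113.10 are constructed placeholders, and ACL entries are matched to translations by outside port only.

```python
import re

# Constructed sample in pre-8.3 syntax; 198.51.100.7 stands in for the public
# address and 203.0.113.10 for one trusted external client (both placeholders).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.7 eq 3389
access-list OUTSIDE_IN extended permit tcp host 203.0.113.10 host 198.51.100.7 eq 3390
static (inside,outside) tcp interface 3389 192.168.1.4 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3390 192.168.1.5 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3390 192.168.1.6 3389 netmask 255.255.255.255
"""

# Groups: ACL name, source spec, destination port (destination address is ignored).
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+tcp\s+"
    r"(any|host\s+\S+|\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+)\s+"
    r"(?:any|host\s+\S+|interface\s+\S+)\s+eq\s+(\S+)$")
# Groups: real ifc, mapped ifc, mapped address, outside port, inside IP, inside port.
STATIC_RE = re.compile(
    r"^static\s+\((\S+),(\S+)\)\s+tcp\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def audit(config):
    """Return (finding, outside_port, inside_ip) tuples for static PAT rules."""
    sources = {}   # outside port -> set of source specs the ACL permits
    statics = []   # (outside_port, inside_ip) in config order
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            sources.setdefault(m.group(3), set()).add(m.group(2))
        elif m := STATIC_RE.match(line):
            statics.append((m.group(4), m.group(5)))
    findings, seen = [], set()
    for out_port, in_ip in statics:
        if out_port in seen:
            # Two translations on one inbound port cannot both be selected.
            findings.append(("duplicate-outside-port", out_port, in_ip))
            continue
        seen.add(out_port)
        allowed = sources.get(out_port, set())
        if "any" in allowed:
            findings.append(("open-to-any", out_port, in_ip))
        elif not allowed:
            findings.append(("no-acl-permit", out_port, in_ip))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
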

#4 laytoncy, 9th March 2012, 18:50

L4ndy, thank you for the advice.

auglan, thanks for the input. I'm going to give it a shot. I thought it would work like that but I'm very new to Cisco. I'm going to change the port on the TS to 3390 and go from there. I'll post back the results. Oh and this ASDM I'm working on is 5.2(4) and ASA 7.2(4).

#5 laytoncy, 9th March 2012, 20:13

It worked great. I already had 3389 done. So, I created the new access list for 3390, then a new network object for the IP of the PC I wanted to use. Created the static NAT with PAT and changed the port on the machine to use 3390 instead of 3389, and it worked great. I also had to open the port on the internal machine's firewall as well. Thank you very much for your help.