RDP from outside


  • RDP from outside

    Hey guys,

    I want to access one of the servers ( using RDP.
    I already configured the PIX 501 but had no success getting RDP to work.
    Could you all spot the problem with my config?
    Below is my config:

    Building configuration...
    : Saved
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 intf2 security4
    enable password 3leFmTa3rJEpFu3l encrypted
    passwd 3leFmTa3rJEpFu3l encrypted
    hostname IST
    domain-name IST.COM
    clock timezone MYT 8
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521

    object-group service rdp tcp
    port-object range 3389 3390

    access-list inside_access_in permit tcp any any eq domain
    access-list inside_access_in permit udp any any eq domain
    access-list inside_access_in permit icmp any any
    access-list outside_access_in permit tcp any host 203.x.x.30 object-group rdp
    access-list inside_outbound_nat0_acl permit ip any
    access-list outside_cryptomap_dyn_20 permit ip any

    pager lines 24
    logging on
    logging timestamp
    logging trap warnings
    logging facility 22
    logging device-id string pixfirewall
    logging host inside Linux_File_Srv
    icmp permit host necare outside
    icmp permit host outside
    mtu outside 1500
    mtu inside 1500
    mtu intf2 1500
    ip address outside 203.x.x.30
    ip address inside

    no ip address intf2
    ip verify reverse-path interface outside
    ip verify reverse-path interface inside
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool klccippool

    pdm logging warnings 100
    pdm history enable
    arp timeout 14400
    global (outside) 10 interface

    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 10 0 0
    static (inside,outside) 203.x.x.28 Linux_File_Srv netmask 0 0
    static (inside,outside) 203.x.x.29 Database_Srv netmask 0 0
    static (inside,outside) 203.x.x.30 netmask 0 0

    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    route outside 203.x.x.25 1

    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable

    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map client authentication LOCAL
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup abc address-pool klccippool
    vpngroup abc dns-server 203.x.x.25 203.x.x.24
    vpngroup abc idle-time 1800
    vpngroup abc password ********

    ssh timeout 20
    console timeout 0
    username necsg password jt43jBARiBYEfoN7 encrypted privilege 15
    username necare password BkPn6VQ0VwTy7MY7 encrypted privilege 15
    terminal width 80
    : end

  • #2
    Re: RDP from outside

    Hi Necro,

    try the following commands:

    object-group service rdp tcp
    port-object eq rdp
    port-object range 3389 3390

    Your ACE for RDP looks fine. My PIX chops are a little rusty since I have been managing ASAs for the last 4 years.



    • #3
      Re: RDP from outside

      Hi ryansmitty,

      Thanks for your reply.

      I am unable to put in the command 'port-object eq rdp'; it is not a valid command.

      Any idea?


      • #4
        Re: RDP from outside

        Hey all,

        I already managed to sort out the problem. I reconfigured the ACL and now it works fine.


        • #5
          Re: RDP from outside

          is this what you did?

          access-list outside_access_in permit tcp any host 203.x.x.30 eq 3389

          Although, you should look into configuring an IPsec VPN or something. There is a worm out there that attacks port 3389. Or you could create an access list that states only certain public IP addresses can access your 203.x.x.30 eq 3389.
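The point made in reply #5 is worth checking mechanically: both the original ACE (`permit tcp any host 203.x.x.30 object-group rdp`) and the simplified one (`... eq 3389`) still open TCP/3389 to the whole Internet. The following is an added example, not code from the thread or from Cisco: a small offline check over PIX 6.3-style configuration text that resolves service object-groups, finds permit ACEs on the ACL bound inbound to the outside interface that admit 3389 from `any`, and emits replacement ACEs restricted to named management addresses. The sample configuration lines are copied from the first post (with its redacted `203.x.x.30` kept as posted); the management addresses `198.51.100.10` and `198.51.100.11` are placeholders from the RFC 5737 documentation range and are assumptions, as is the use of `no access-list` with the full ACE text to remove the wide-open entry.

```python
"""Offline check for RDP (TCP/3389) exposed to any source on a PIX 6.3-style config.

Added example for the thread above; not the poster's or Cisco's code.
"""
import re

RDP_PORT = 3389
# PIX accepts a few service names in place of numbers; "rdp" is not one of
# them (reply #3 saw that rejected), so 3389 has to be given numerically.
NAMED_PORTS = {"domain": 53, "www": 80, "ftp": 21, "telnet": 23, "ssh": 22, "smtp": 25}

# Constructed sample: the relevant lines from the first post, unchanged.
SAMPLE_CONFIG = """\
object-group service rdp tcp
port-object range 3389 3390
access-list inside_access_in permit tcp any any eq domain
access-list outside_access_in permit tcp any host 203.x.x.30 object-group rdp
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
"""

ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) (?P<action>permit|deny) (?P<proto>\S+) "
    r"(?P<src>any|host \S+|\S+ \S+) (?P<dst>any|host \S+|\S+ \S+)"
    r"(?: (?P<pspec>eq \S+|range \S+ \S+|object-group \S+))?$"
)


def port_number(token):
    """Numeric port, resolving the handful of names PIX understands; None if unknown."""
    return int(token) if token.isdigit() else NAMED_PORTS.get(token)


def parse_service_groups(lines):
    """Map TCP service object-group name -> list of (low, high) port ranges."""
    groups, current = {}, None
    for line in lines:
        words = line.split()
        if words[:2] == ["object-group", "service"] and len(words) == 4:
            current = words[2] if words[3] in ("tcp", "tcp-udp") else None
            if current is not None:
                groups[current] = []
        elif words[:1] == ["port-object"] and current is not None:
            if words[1] == "eq":
                p = port_number(words[2])
                if p is not None:
                    groups[current].append((p, p))
            elif words[1] == "range":
                lo, hi = port_number(words[2]), port_number(words[3])
                if lo is not None and hi is not None:
                    groups[current].append((lo, hi))
        else:
            current = None  # any other top-level line ends the group body
    return groups


def acl_interfaces(lines):
    """Map ACL name -> (interface, direction) from 'access-group' lines."""
    bound = {}
    for line in lines:
        w = line.split()
        if w[:1] == ["access-group"] and len(w) == 5:  # access-group ACL in interface IF
            bound[w[1]] = (w[4], w[2])
    return bound


def covers_rdp(pspec, groups):
    """True if the ACE's port spec (None = every port) includes TCP/3389."""
    if pspec is None:
        return True
    w = pspec.split()
    if w[0] == "eq":
        return port_number(w[1]) == RDP_PORT
    if w[0] == "range":
        lo, hi = port_number(w[1]), port_number(w[2])
        return lo is not None and hi is not None and lo <= RDP_PORT <= hi
    return any(lo <= RDP_PORT <= hi for lo, hi in groups.get(w[1], []))


def find_exposed_rdp(config_text):
    """Permit ACEs admitting TCP/3389 from 'any' on the ACL bound inbound to 'outside'."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    groups, bound = parse_service_groups(lines), acl_interfaces(lines)
    findings = []
    for line in lines:
        m = ACE_RE.match(line)
        if not m or m["action"] != "permit" or m["src"] != "any":
            continue
        if m["proto"] not in ("tcp", "ip") or bound.get(m["acl"]) != ("outside", "in"):
            continue
        if covers_rdp(m["pspec"], groups):
            findings.append({"acl": m["acl"], "destination": m["dst"], "ace": line})
    return findings


def restricted_rdp_aces(acl, dst_host, allowed_sources, open_ace=None):
    """Replacement ACEs allowing RDP to dst_host only from listed management hosts.
    The ACL ends in an implicit deny, so nothing else reaches 3389 once the
    wide-open ACE is removed (the 'no access-list' form is an assumption)."""
    out = [f"no {open_ace}"] if open_ace else []
    out += [f"access-list {acl} permit tcp host {src} host {dst_host} eq {RDP_PORT}"
            for src in allowed_sources]
    return out


if __name__ == "__main__":
    for f in find_exposed_rdp(SAMPLE_CONFIG):
        print("EXPOSED:", f["ace"])
        for ace in restricted_rdp_aces(f["acl"], f["destination"].split()[1],
                                       ["198.51.100.10", "198.51.100.11"], f["ace"]):
            print(ace)
```

Running it flags the posted ACE and prints the `no access-list ...` line followed by one `permit tcp host <mgmt> host 203.x.x.30 eq 3389` per allowed source; the `eq 3389` variant from reply #5 is flagged the same way, since the source is still `any`. The inside ACL's DNS entries are ignored because they are bound to the inside interface.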