How to stick out port 3389, cisco 2921 router?

A

andreyzhuk2018-05-08 13:13:49

Computer networks

andreyzhuk, 2018-05-08 13:13:49

For rdp access to the terminal server, port 3389 must be exposed. Port forwarding with the ip nat inside source static tcp command does not help. Here is the access-list:
Standard IP access list 1
10 permit any
Extended IP access list FIREWALL
5 permit ip host 80.252.149.185 any (560 matches)
10 permit tcp object-group REMOTE_LAN_MNG any eq 22
20 permit tcp object-group REMOTE_LAN_MNG any eq telnet
30 permit icmp object-group REMOTE_LAN_MNG any
40 deny ip any any (16284 matches)
Extended IP access list NAT
Extended IP access list Wi_Fi_GUEST
10 deny ip any object-group RFC_1918 (337724 matches)
20 deny ip any host 2.2.2.1
30 permit ip any any (197157083 matches)
Extended IP access list internet
10 permit ip any any (20339383 matches)
Do I need to add something here?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

mikes, 2018-08-03
@mikes

it is better to master vpn than to put terminals on the Internet. Of course, right now there is, and it seems like encryption, etc., but it's not worth it.