Cisco's line of PIX devices provides crucial firewall service for many in development and business environments alike. Occasionally developers require remote access to Windows platforms via Remote Desktop Protocol (RDP) or Windows 2000 Terminal Services. When VPN services aren't available, we occasionally have to let these client connections through the firewall.
Terminal Server, Windows 2000 Terminal Services, and Windows XP Remote Desktop Protocol all use TCP port 3389 for client connections. Allowing direct connections from the Internet to this service is not terribly secure, but here are the relevant PIX configuration lines to make it possible.
Note: For the purposes of this example the public IP is 32.30.23.4, and it resides on the outside interface. The internal IP is 10.0.0.100, and it resides on the inside interface.
    static (inside,outside) 32.30.23.4 10.0.0.100 netmask 255.255.255.255 0 0
    access-list acl permit tcp any host 32.30.23.4 eq 3389
The first line creates a static translation between the external and internal IP. The second adds an entry to the "acl" access list permitting any host to reach our external IP on that specific TCP port.
Note: The "acl" access list will not include our new rule until the list is re-applied.
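As an added example (not from the original article), the same two lines with the source narrowed to a single known client before the list is re-applied to the outside interface; 203.0.113.25 is an assumed, constructed management address.

```cisco
! Static translation from the public IP to the internal RDP host (as above)
static (inside,outside) 32.30.23.4 10.0.0.100 netmask 255.255.255.255 0 0
! Weak entry: any Internet host may reach TCP/3389 on the public IP
! (remove it if it was already added)
no access-list acl permit tcp any host 32.30.23.4 eq 3389
! Hardened entry: only the known client host (constructed address) may reach TCP/3389
access-list acl permit tcp host 203.0.113.25 host 32.30.23.4 eq 3389
! Re-apply the list to the outside interface so the new entry takes effect
access-group acl in interface outside
! Verify the entry and watch its hit count as clients connect
show access-list acl
```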