tomcross
New Contributor II

Port Forward restriction

I have a NetVanta 3120 with a Port forward for RDP

This works well. I now need to restrict this access to one external IP address for security.

I have tried stumbling through a few configs but with no luck...

Any help is appreciated.

regards Tom


Re: Port Forward restriction

You need an extended access-list accepting inbound connections for RDP, but only from some WAN address(es); e.g. assuming:

external host who needs to access your RDP port forwarding has a public IP address of AA.BBB.CC.DDD;

your internal host you want to access with RDP has an IP 10.10.10.XX and is listening for RDP connections on TCP/UDP ports 3389;

your public IP address is WWW.XXX.YY.ZZ;

you can try something like this:

ip access-list extended web-acl-RDP
  remark Filter RDP from WAN
  permit tcp host AA.BBB.CC.DDD host WWW.XXX.YY.ZZ eq 3389 log
  permit udp host AA.BBB.CC.DDD host WWW.XXX.YY.ZZ eq 3389 log

ip policy-class Public
  ...
  nat destination list web-acl-RDP address 10.10.10.XX

You could replace host with hostname if the domain names can be resolved by DNS.
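A way to check a saved configuration for port forwards that are still open to every source, as an added example that is not part of the original thread. The sample config is constructed: the documentation-range addresses, the `web-acl-OLD` list and its `any` source are assumptions for illustration, and the parser assumes entries are indented under their `ip access-list` / `ip policy-class` header as in the reply above.

```python
import re

# Constructed sample config (not from the thread). Documentation-range IPs
# stand in for the AA.BBB.CC.DDD / WWW.XXX.YY.ZZ placeholders.
SAMPLE_CONFIG = """\
ip access-list extended web-acl-RDP
  remark Filter RDP from WAN
  permit tcp host 203.0.113.10 host 198.51.100.5 eq 3389 log
  permit udp host 203.0.113.10 host 198.51.100.5 eq 3389 log
!
ip access-list extended web-acl-OLD
  permit tcp any host 198.51.100.5 eq 3389
!
ip policy-class Public
  nat destination list web-acl-RDP address 10.10.10.20
  nat destination list web-acl-OLD address 10.10.10.21
"""

ACL_RE = re.compile(r"^ip access-list extended (\S+)")
# Source is "any", "host <ip>", "hostname <name>" or "<addr> <wildcard>".
PERMIT_RE = re.compile(r"^permit (tcp|udp) (any|host(?:name)? \S+|\S+ \S+) ")
NAT_RE = re.compile(r"^nat destination list (\S+) address (\S+)")

def audit_port_forwards(config):
    """Return (acl, internal_ip, permit_line) for each forward whose ACL has
    a permit entry with a source that is not a single host or hostname."""
    acls, forwards, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):        # a top-level line ends any ACL block
            m = ACL_RE.match(line)
            current = m.group(1) if m else None
            if current:
                acls[current] = []
            continue
        if current and PERMIT_RE.match(line):
            acls[current].append(line)
        m = NAT_RE.match(line)
        if m:
            forwards.append(m.groups())
    findings = []
    for acl, internal_ip in forwards:      # resolve after parsing: order-independent
        for permit in acls.get(acl, []):
            source = PERMIT_RE.match(permit).group(2)
            if source.split()[0] not in ("host", "hostname"):
                findings.append((acl, internal_ip, permit))
    return findings
```

An empty result means every `nat destination list` entry references an ACL that admits only named single sources.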