Adtran
Help
BIG NEWS! The Adtran Support Community is moving! In the next few weeks it will be housed in a new location. Be sure to visit our NEW Adtran Community before the end of July to check it out and verify that you can access all the resources and features that you need. If you discover any issues with your account or access, or just want to let us know about your experience, be sure to use our Feedback Form to let us know!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tomcross
New Contributor II
‎02-09-2020 07:16 PM

Port Forward restriction

Jump to solution

I have a NetVanta 3120 with a Port forward for RDP

This works well. I now need to restrict this access to one external IP address for security.

I have tried stumbling through a few configs but with no luck...

Any help is appreciated.

regards Tom

Labels (1)
Labels
Tags (2)
0 Kudos
Reply
1 Solution

Accepted Solutions
mick
Contributor II
Contributor II
‎02-10-2020 07:38 AM

Re: Port Forward restriction

Jump to solution

Your need an extended access-list accepting inbound connections for RDP, but only from some WAN address(es); e.g. assuming:

external host who needs to access your RDP port forwarding has a public IP address of AA.BBB.CC.DDD;

your internal host you want to access with RDP has an IP 10.10.10.XX and is listening for RDP connections on TCP/UDP ports 3389;

your public IP address is WWW.XXX.YY.ZZ;

you can try something like this:

ip access-list extended web-acl-RDP

  remark Filter RDP from WAN

  permit tcp host AA.BBB.CC.DDD host  WWW.XXX.YY.ZZ eq 3389 log

  permit udp host AA.BBB.CC.DDD host  WWW.XXX.YY.ZZ eq 3389 log

ip policy-class Public

...

nat destination list web-acl-RDP address 10.10.10.XX

You could replace host for hostname if the domain names can be resolved by DNS.

View solution in original post

0 Kudos
Reply
1 Reply
mick
Contributor II
Contributor II
‎02-10-2020 07:38 AM

Re: Port Forward restriction

Jump to solution

Your need an extended access-list accepting inbound connections for RDP, but only from some WAN address(es); e.g. assuming:

external host who needs to access your RDP port forwarding has a public IP address of AA.BBB.CC.DDD;

your internal host you want to access with RDP has an IP 10.10.10.XX and is listening for RDP connections on TCP/UDP ports 3389;

your public IP address is WWW.XXX.YY.ZZ;

you can try something like this:

ip access-list extended web-acl-RDP

  remark Filter RDP from WAN

  permit tcp host AA.BBB.CC.DDD host  WWW.XXX.YY.ZZ eq 3389 log

  permit udp host AA.BBB.CC.DDD host  WWW.XXX.YY.ZZ eq 3389 log

ip policy-class Public

...

nat destination list web-acl-RDP address 10.10.10.XX

You could replace host for hostname if the domain names can be resolved by DNS.

0 Kudos
Reply