
Port Forward restriction

I have a NetVanta 3120 with a port forward for RDP.

This works well. I now need to restrict this access to one external IP address for security.

I have tried stumbling through a few configs but with no luck...

Any help is appreciated.

regards Tom


Re: Port Forward restriction

You need an extended access-list accepting inbound connections for RDP, but only from some WAN address(es); e.g. assuming:

external host who needs to access your RDP port forwarding has a public IP address of AA.BBB.CC.DDD;

your internal host you want to access with RDP has an IP 10.10.10.XX and is listening for RDP connections on TCP/UDP ports 3389;

your public IP address is WWW.XXX.YY.ZZ;

you can try something like this:

ip access-list extended web-acl-RDP
  remark Filter RDP from WAN
  permit tcp host AA.BBB.CC.DDD host WWW.XXX.YY.ZZ eq 3389 log
  permit udp host AA.BBB.CC.DDD host WWW.XXX.YY.ZZ eq 3389 log
ip policy-class Public
  ...
  nat destination list web-acl-RDP address 10.10.10.XX

You could replace host with hostname if the domain names can be resolved by DNS.
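
An added example, not part of the reply above and not ADTRAN tooling: a small Python audit that reads a saved configuration and reports every `nat destination list` port forward whose access list permits a source other than a single `host` or `hostname`. The sample configuration, its documentation-range addresses, the `web-acl-OPEN` list and the function names are constructed for illustration; the command syntax is taken from the reply.

```python
import re

# Constructed sample config (documentation-range addresses); syntax follows the reply above.
SAMPLE_CONFIG = """\
ip access-list extended web-acl-RDP
  remark Filter RDP from WAN
  permit tcp host 203.0.113.10 host 198.51.100.5 eq 3389 log
  permit udp host 203.0.113.10 host 198.51.100.5 eq 3389 log
ip access-list extended web-acl-OPEN
  permit tcp any host 198.51.100.5 eq 3389
ip policy-class Public
  nat destination list web-acl-RDP address 10.10.10.20
  nat destination list web-acl-OPEN address 10.10.10.21
"""

def parse_acls(config):
    """Return {acl_name: [permit lines]} for every extended access list."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue  # tolerate blank lines inside a pasted config
        m = re.match(r"ip access-list extended (\S+)$", line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            if line.startswith("permit "):
                current.append(line)
        else:
            current = None  # any other top-level line ends the ACL block
    return acls

def audit_port_forwards(config):
    """List (acl, internal_ip, rule) for forwards not limited to one source host."""
    acls = parse_acls(config)
    findings = []
    for m in re.finditer(r"nat destination list (\S+) address (\S+)", config):
        acl, inside = m.groups()
        rules = acls.get(acl)
        if not rules:
            findings.append((acl, inside, "ACL missing or has no permit entries"))
            continue
        for rule in rules:
            # permit <proto> <source ...>: source must start with host/hostname
            if rule.split()[2] not in ("host", "hostname"):
                findings.append((acl, inside, rule))
    return findings

if __name__ == "__main__":
    for acl, inside, rule in audit_port_forwards(SAMPLE_CONFIG):
        print(f"{acl} -> {inside}: unrestricted source: {rule}")
```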