How to configure Remote Desktop Connection on Cisco 2811 Router

picofly
Kindly, I need assistance in tackling these problems.
1) Configuring Remote Desktop connection on my Windows 2003 server, which has an IP 10.X.X.X, through Cisco router 2811

2) When browsing on the internet I am experiencing TTL Expired in Transit on some websites.

3) I need to share the internet from this Cisco 2811 router to another Cisco 1841 router in our office connected through a serial interface that has a point-to-point connection only.

How do I tackle the remote desktop connection?
Can anyone assist in pointing out the issues with TTL expiring in transit?
How do I share the internet?

The following is my configuration:

Building configuration...

Current configuration : 2133 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname xxxxxxx
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret xxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
clock timezone PCTime 3
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip name-server 41.x.x.x
ip name-server 41.x.x.x
multilink bundle-name authenticated
!
vpdn enable
!
!
!
!
!
!
username xxxxx privilege 15 password xxxxxxxxxxxx
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 10.x.x.x 255.x.x.x
no ip unreachables
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
description $ES_LAN$
no ip address
no ip unreachables
no ip mroute-cache
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Serial0/0/0
ip address 192.x.x.x 255.x.x.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
interface Dialer1
ip address negotiated
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxx
ppp chap password xxxxxxxxxxxxxx
ppp pap sent-username xxxxxx password xxxxxxxxxxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
no ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 101 interface Serial0/0/0 overload
!
ip access-list extended afr_accesslist
!
access-list 10 permit 10.x.x.x x.x.x.255
dialer-list 1 protocol ip permit
no cdp run

!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password xxxxxxxxxxxxxxxxxxxxxx
login
!
scheduler allocate 20000 1000
end
  • +
    0 Votes
    robo_dev

    Don't post your passwords or your internal IP addresses.

    Remote Desktop is not the most secure way to connect, but you basically need a NAT rule for the server IP and open up a port for it. Unless you want 8 zillion hack attempts per month, configure it to use some random port number other than the default.

    +
    0 Votes
    picofly

    Thank you for your quick response. So how do I configure those random ports for it?

    +
    0 Votes
    robo_dev

    So there are TONS of automated exploits that scour the earth for servers listening at 3389, and TONS of hacks (such as TSGrinder), that allow script kiddies to test your defenses.

    The server or workstation using RDP is modified to use, for example, port 1234 by making a simple registry change.

    The following example is for Windows 2000, others will be similar:

    http://support.microsoft.com/kb/187623


    "To change the default port for all new connections created on the Terminal Server:

    Run Regedt32 and go to this key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    NOTE: The above registry key is one path; it has been wrapped for readability.

    Find the "PortNumber" subkey and notice the value of 00000D3D, hex for (3389). Modify the port number in Hex and save the new value.

    To change the port for a specific connection on the Terminal Server:
    Run Regedt32 and go to this key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\connection

    Modify the port number in Hex and save the new value."

    http://www.petri.co.il/change_terminal_server_listening_port.htm

    +
    0 Votes
    picofly

    Hey, thanks a lot! This is great, it's very descriptive and straight to the point. I am grateful. However, now how do I allow RDP in a Cisco router? What's the syntax? Thanks again for your cooperation.

    +
    0 Votes
    robo_dev

    One is to open the port, and the other is to create a NAT rule to direct traffic to the server.

    It's something like:

    ip nat inside source static tcp 172.16.237.99 3389 interface Ethernet0 1234
    access-list 101 permit tcp any host 172.16.237.99 eq 1234

    Port 1234 being the arbitrary port number you choose for RDP.
    The 172 address would be replaced with the IP of your server.

    Here is another example
    http://forums.techguy.org/networking/994061-cisco-2811-blocking-remote-destkop.html
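
A source-restricted version of the port forward discussed above, as an added example that is not part of the original thread. It assumes Dialer1 is the Internet-facing interface of the posted configuration; 10.0.0.10 (server) and 203.0.113.10 (the one permitted remote address) are constructed placeholders. It uses a named ACL because the posted configuration already references list 101 in its `ip nat inside source list 101` line, so adding entries to access-list 101 would also change which traffic that NAT rule matches.

```cisco
! Added example. Placeholders: 10.0.0.10 = RDP server, 203.0.113.10 = the one
! remote admin address allowed in, 1234 = external port, Dialer1 = Internet side.

! Weak form (shown commented out): forward only. Nothing filters the source,
! so any Internet host reaching TCP 1234 on the router is handed to the
! server's RDP listener.
! ip nat inside source static tcp 10.0.0.10 3389 interface Dialer1 1234

! Restricted form: the same forward plus an inbound filter on the outside
! interface. The local port (3389 here) must be the port the server really
! listens on; if PortNumber was changed in the registry, use that value.
ip nat inside source static tcp 10.0.0.10 3389 interface Dialer1 1234
!
! Inbound ACLs are checked before outside-to-inside NAT, so match the
! external port (1234) on the router's own address, not the server's
! inside address. Dialer1 is "ip address negotiated", hence "any" as
! the destination.
ip access-list extended RDP-IN
 permit tcp host 203.0.113.10 any eq 1234
 deny   tcp any any eq 1234 log
 permit ip any any
!
interface Dialer1
 ip access-group RDP-IN in
```

After applying it, `show ip nat translations` should list the static entry and `show access-lists RDP-IN` shows per-line hit counts, including how often the `deny ... log` line fires.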
