PIX 501 RDP

By ted
Hi, this is strange. I know my settings are correct, yet I cannot connect to RDP from the outside. This PIX is part of a WAN and the PIX on the other side connects (externally) to RDP just fine. Any thoughts?


access-list 120 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 100 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 100 permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list inbound permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list inbound permit tcp any interface outside eq 3389
access-list inbound permit tcp any interface inside eq 3389
access-list inbound permit udp any host 172.9.31.25 eq domain
access-list inbound permit tcp any host 172.9.31.25 eq www
access-list inbound permit tcp any host 172.9.31.25 eq smtp
access-list inbound permit tcp any host 172.9.31.25 eq https
access-list inbound permit tcp any host 172.9.31.25 eq imap4
access-list inbound permit tcp any host 172.9.31.25 eq ftp
access-list 101 permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip any any
access-list splitTunnelAcl permit ip 192.168.0.0 255.255.255.0 any
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 172.9.31.25 255.255.255.252
ip address inside 192.168.0.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ip2 10.0.0.60-10.0.0.80
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) udp interface domain 192.168.0.3 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.0.3 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.0.3 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.0.3 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.168.0.3 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface imap4 192.168.0.3 imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 192.168.0.3 ftp netmask 255.255.255.255 0 0
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 173.9.31.26 1
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address 120
crypto map newmap 20 set peer 67.162.218.216
crypto map newmap 20 set transform-set myset
crypto map newmap 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map newmap interface outside
isakmp enable outside
isakmp key ******** address 67.162.218.216 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup Example address-pool ip2
vpngroup Example dns-server 192.168.0.3 64.87.71.226
vpngroup Example default-domain example.local
vpngroup Example split-tunnel 101
vpngroup Example idle-time 1800
vpngroup Falmouth password ********
vpngroup access-list idle-time 1800
vpngroup split-tunnel idle-time 1800
