

Two terminal server rules in Cisco Pix

By Bcarder

I have a client with a Cisco PIX with port 3389 pointed to an internal IP for terminal services. He comes in through a VPN tunnel and RDPs to his box via internal IP.

Another PC on the network wants to have the same capability.

Can I copy and paste the rule already set for the 1 terminal session I have and change the IP? Or do I have to change the port Terminal Services listens on on the other PC and make another rule?

Can someone point me in the right direction?


by hozcanhan In reply to Two terminal server rules ...

On this very site and topic you will find a Q where the user wants to get rid of Cisco's failure to support 2 VPN clients. To avoid such trouble, use another port and make another rule. It would be nice to do that for NAT purposes and for IP intrusion detection purposes.


by mshavrov In reply to Two terminal server rules ...

It shouldn't be a problem. When you make a TCP connection, there are a couple of components that identify each connection: the source & destination IP addresses and the source & destination TCP or UDP ports. So, even if you have one server, connections from different clients will appear differently. Here is an example:

Client 1
Client 2

Even though your clients will be using the port 3389 on the server, connections will be different:

Connection1: ->
Connection2: ->

If your Client1 opens another session, his PC will use another TCP port as a source:

Connection3: ->

So, your firewall as well as the server can easily distinguish between different clients and connections.

Good luck,

CCNP, CCDP, CCSE, MCSE+I, MCSE W2K, Solaris, etc...
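
The point made in the answer above, as an added example that is not part of the original post: several clients connect to one listening port, and the server still sees a distinct (source IP, source port, destination IP, destination port) tuple for each. The loopback listener on an OS-chosen port is an assumption standing in for the terminal server on 3389, and the function name is hypothetical.

```python
import socket


def demo_four_tuples(n_clients=3):
    """Open n_clients simultaneous TCP connections to one loopback listener.

    Returns the (src_ip, src_port, dst_ip, dst_port) tuple the server side
    sees for each connection, in the order they were accepted.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Port 0 lets the OS pick a free port; it plays the role of 3389 here.
    listener.bind(("127.0.0.1", 0))
    listener.listen(n_clients)
    dst_ip, dst_port = listener.getsockname()

    clients, accepted, tuples = [], [], []
    try:
        for _ in range(n_clients):
            # Each client lets its own stack choose an ephemeral source port.
            clients.append(socket.create_connection((dst_ip, dst_port)))
            conn, (src_ip, src_port) = listener.accept()
            accepted.append(conn)
            tuples.append((src_ip, src_port, dst_ip, dst_port))
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return tuples


if __name__ == "__main__":
    seen = demo_four_tuples()
    # A stateful firewall or server keys its session table on the full tuple,
    # so a shared destination port never makes two sessions collide.
    table = {t: f"session-{i}" for i, t in enumerate(seen, 1)}
    for (sip, sport, dip, dport), name in table.items():
        print(f"{name}: {sip}:{sport} -> {dip}:{dport}")
```

All connections share the destination port; only the source port (and, across hosts, the source IP) differs, which is what keeps the sessions apart.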


by Bcarder In reply to

Poster rated this answer.


by Bcarder In reply to Two terminal server rules ...

This question was closed by the author
