Search

Networks

General discussion

Gravatar
Locked

Two terminal server rules in Cisco Pix

By Bcarder ·
I have a client with a Cisco Pix with port 3389 pointed to an internal IP for terminal services. He comes in through VPN tunnel and RDP's to his box via internal IP.

Another PC on the network wants to have the same capability.

Can I copy and paste the rule already set for the 1 terminal session I have and change the IP? Or do I have to change the port Terminal Services listen on the other PC and make another rule?

Can someone point me in the right direction?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

by hozcanhan In reply to Two terminal server rules ...

on this very site and topic you will find a Q where the user wants to get rid of cisco's failure to support 2 VPN clients . To avoid such trouble use another port and make another rule . It would be nice to do that for NAT purposes and for IP intrusion detection purposes.

gravatar
Collapse -

by mshavrov In reply to Two terminal server rules ...

It shouldn't be a problem. When you make a TCP connection, there are a couple components identify each connection. It's Source & Destination IP addresses, source & destination TCP or UDP ports. So, even if you have one server, connections from different clients will appear differently. Here is an example:

Client 1 10.0.0.1
Client 2 10.0.1.1
Server 172.16.0.1

Even though your clients will be using the port 3389 on the server, connections will be different:

Connection1: 10.0.0.1:1024 -> 172.16.0.1:3389
Connection2: 10.0.1.1:1024 -> 172.16.0.1:3389

If your Client1 opens another session, his PC will use another TCP port as an source:

Connection3: 10.0.0.1:1025 -> 172.16.0.1:3389

So, your firewall as well as the server can easily distinguish between different clients and connections.

Good luck,

Mike
CCNP, CCDP, CCSE, MCSE+I, MCSE W2K, Solaris, etc...
---
http://www.ciscoheadsetadapter.com

gravatar
Collapse -

by Bcarder In reply to

Poster rated this answer.

gravatar
Collapse -

by Bcarder In reply to Two terminal server rules ...

This question was closed by the author

Back to Networks Forum
4 total posts (Page 1 of 1)  

Start or search

Related Discussions

Related Forums