RDP to Multiple Servers with a Cisco PIX/ASA Firewall
Problem
You want to connect via Remote Desktop to multiple servers behind your firewall. There are three ways to do this.
Solution
Option 1 (use this if you have multiple free public IP addresses). Connect to the firewall, go to enable mode, then go to configure terminal mode, and create a name entry for each server's public and private address.
Petes-ASA> en
Password: *********
Petes-ASA# configure terminal
Petes-ASA(config)# name 192.168.1.1 Server1-Internal
Petes-ASA(config)# name 192.168.1.2 Server2-Internal
Petes-ASA(config)# name 123.123.123.123 Server1-External
Petes-ASA(config)# name 123.123.123.124 Server2-External
Now allow RDP to both servers with an access control list and apply that access control list to the outside interface. (Note: if you already have an inbound ACL, use its name in place of "inbound".)
Petes-ASA(config)# access-list inbound extended permit tcp any host Server1-External eq 3389
Petes-ASA(config)# access-list inbound extended permit tcp any host Server2-External eq 3389
Petes-ASA(config)# access-group inbound in interface outside
Option 2 (uses port forwarding with a different port for each server). With this option the ASA accepts the connection for each server on a different port, so each server must listen on a different port. Connect to the firewall, go to enable mode, then go to configure terminal mode, and allow each port you are going to use (in this case 3389 and 3390).
Petes-ASA> en
Password: *********
Petes-ASA# configure terminal
Petes-ASA(config)# access-list inbound extended permit tcp any interface outside eq 3389
Petes-ASA(config)# access-list inbound extended permit tcp any interface outside eq 3390
Then port forward those ports to the correct internal servers.
Petes-ASA(config)# static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255
Petes-ASA(config)# static (inside,outside) tcp interface 3390 192.168.1.2 3390 netmask 255.255.255.255
Option 3 (uses port forwarding with a different port for each server). This differs from option 2 in that the firewall translates each incoming port to RDP port 3389 and sends it to the correct server, so the servers keep listening on the default port.
Petes-ASA> en
Password: *********
Petes-ASA# configure terminal
Petes-ASA(config)# access-list inbound extended permit tcp any interface outside eq 3389
Petes-ASA(config)# access-list inbound extended permit tcp any interface outside eq 3390
Then port forward AND translate those ports to the correct internal servers.
Petes-ASA(config)# static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255
Petes-ASA(config)# static (inside,outside) tcp interface 3390 192.168.1.2 3389 netmask 255.255.255.255
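As an added example (not part of the original post), the Option 3 configuration written out in full, with the inbound rules limited to a defined management network instead of "any", so the forwarded RDP ports are not reachable from every Internet address. The 203.0.113.0/24 range and the group name RDP-ADMINS are placeholders for your own trusted source addresses; the syntax matches the pre-8.3 static commands used above.

```cisco
! Added example, not from the original post. Pre-8.3 syntax to match the static commands above.
! 203.0.113.0/24 and the group name RDP-ADMINS are placeholders for your own trusted source range(s).
object-group network RDP-ADMINS
 network-object 203.0.113.0 255.255.255.0
!
! Weak (as in the options above): RDP on the outside interface is open to any source
! access-list inbound extended permit tcp any interface outside eq 3389
! access-list inbound extended permit tcp any interface outside eq 3390
!
! Hardened: only the management network may reach the two forwarded ports
access-list inbound extended permit tcp object-group RDP-ADMINS interface outside eq 3389
access-list inbound extended permit tcp object-group RDP-ADMINS interface outside eq 3390
access-group inbound in interface outside
!
! Option 3 translations: both external ports are mapped to RDP 3389 on the inside
static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3390 192.168.1.2 3389 netmask 255.255.255.255
!
! Check what is actually permitted (hit counts) and what is translated
show access-list inbound
show running-config static
```

The hit counters in "show access-list inbound" also give you a quick way to spot connection attempts from outside the permitted range being dropped by the implicit deny.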
Monday, 14 May 2012
Labels: CISCO ASA