1 Reply Latest reply on Feb 10, 2020 5:38 AM by mick

    Port Forward restriction

    tomcross New Member

      I have a NetVanta 3120 with a Port forward for RDP

      This works well. I now need to restrict this access to one external IP address for security.

      I have tried stumbling through a few configs but with no luck...

      Any help is appreciated.

      Regards, Tom

        • Re: Port Forward restriction
          mick Visitor

          You need an extended access-list accepting inbound connections for RDP, but only from some WAN address(es); e.g. assuming:

          the external host that needs to access your RDP port forwarding has a public IP address of AA.BBB.CC.DDD;

          the internal host you want to access with RDP has IP 10.10.10.XX and is listening for RDP connections on TCP/UDP port 3389;

          your public IP address is WWW.XXX.YY.ZZ;

          you can try something like this:


          ip access-list extended web-acl-RDP
            remark Filter RDP from WAN
            permit tcp host AA.BBB.CC.DDD host WWW.XXX.YY.ZZ eq 3389 log
            permit udp host AA.BBB.CC.DDD host WWW.XXX.YY.ZZ eq 3389 log

          ip policy-class Public
            ...
            nat destination list web-acl-RDP address 10.10.10.XX


          You could replace host with hostname if the domain names can be resolved by DNS.
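The access-list in the reply works because an extended ACL is evaluated top to bottom, first match wins, and anything that matches no entry hits the implicit deny at the end. As an added example that is not from the thread or from the router's own software, this Python model parses entries in that syntax and evaluates packets against them; the addresses are constructed placeholders standing in for AA.BBB.CC.DDD and WWW.XXX.YY.ZZ.

```python
# Added example, not from the thread: a small model of first-match evaluation
# for an extended ACL like the one above, including the implicit deny that ends
# every access-list. Addresses are constructed placeholders standing in for
# AA.BBB.CC.DDD (external host) and WWW.XXX.YY.ZZ (router WAN address).
from collections import namedtuple
from typing import List, Tuple

# proto is "tcp"/"udp"; dst is the router's WAN address as seen before NAT
Packet = namedtuple("Packet", "proto src dst dport")
# src/dst are "any" or a single host address; dport None means any port
Entry = namedtuple("Entry", "action proto src dst dport log")


def parse_entry(line: str) -> Entry:
    """Parse 'permit tcp host A host B eq 3389 log' (host/any forms only)."""
    tok = line.split()
    addrs, i = [], 2
    for _ in range(2):                      # source, then destination
        if tok[i] == "any":
            addrs.append("any"); i += 1
        elif tok[i] == "host":
            addrs.append(tok[i + 1]); i += 2
        else:
            raise ValueError("only 'host' and 'any' are modelled here")
    dport = None
    if i < len(tok) and tok[i] == "eq":
        dport = int(tok[i + 1]); i += 2
    return Entry(tok[0], tok[1], addrs[0], addrs[1], dport, "log" in tok[i:])


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, bool]:
    """First matching entry wins; returns (action, logged)."""
    for e in acl:
        if (e.proto == pkt.proto and e.src in ("any", pkt.src)
                and e.dst in ("any", pkt.dst) and e.dport in (None, pkt.dport)):
            return e.action, e.log
    return "deny", False  # implicit deny: no entry matched


EXT_HOST, WAN_IP = "203.0.113.10", "198.51.100.1"  # constructed placeholders
# Restricted list from the reply: one permitted source, TCP and UDP 3389, logged
RESTRICTED_ACL = [parse_entry(f"permit {p} host {EXT_HOST} host {WAN_IP} eq 3389 log")
                  for p in ("tcp", "udp")]
# The unrestricted forward the original poster started from: any source
OPEN_ACL = [parse_entry(f"permit tcp any host {WAN_IP} eq 3389")]
```

A packet from any other source, or to any other port, matches no entry and falls through to the implicit deny, which is what provides the restriction asked for; the `log` keyword on the permit lines is what makes the allowed connections visible in the router's log.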