unable to RDP

[aneelley]

rdp was working but now it seems it is not. I haven't changed anything on the router so I am not sure where to start. Here is debugging output showing me trying to RDP from my desktop to my server which has the external IP of 10.61.32.52 and the internal IP of 192.168.220.3. My desktop is 10.61.33.193:

hostxx01#
1w2d: NAT: s=192.168.220.3->10.61.32.52, d=10.61.33.193 [8323]
1w2d: NAT: s=192.168.220.3->10.61.32.52, d=10.61.33.193 [8324]
1w2d: NAT: s=192.168.220.3->10.61.32.52, d=10.61.33.193 [8325]
1w2d: NAT: s=10.61.32.100, d=10.61.32.52->192.168.220.3 [61623]
1w2d: NAT: s=192.168.220.3->10.61.32.52, d=10.61.32.100 [8326]
hostxx01#
hostxx01#u all
All possible debugging has been turned off
hostxx01#

Here is the configuration:

Current configuration : 1588 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname hostxx01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$I.4r$MG4o5inCNijBkCQ1VDl551
!
no aaa new-model
ip subnet-zero
!
!
ip domain name hq.netapp.com
ip name-server 8.8.8.8
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description connected to CorporateNetwork
ip address 10.61.32.39 255.255.252.0 secondary
ip address 10.61.32.52 255.255.252.0 secondary
ip address 10.61.32.55 255.255.252.0 secondary
ip address 10.61.32.68 255.255.252.0 secondary
ip address 10.61.32.78 255.255.252.0 secondary
ip address 10.61.32.81 255.255.252.0 secondary
ip address 10.61.32.58 255.255.252.0
ip nat outside
duplex auto
speed auto
!
interface BRI0/0
no ip address
shutdown
!
interface FastEthernet0/1
description connected to EthernetLAN
ip address 192.168.220.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source static 192.168.220.3 10.61.32.52
ip nat inside source static 192.168.220.4 10.61.32.55
ip nat inside source static 192.168.220.5 10.61.32.68
ip nat inside source static 192.168.220.6 10.61.32.78
ip nat inside source static 192.168.220.7 10.61.32.81
ip http server
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 10.61.32.1
!
ip dns server
!
!
ip access-list extended NAT
permit ip 192.168.220.0 0.0.0.255 any
!
!
!
!
!
!
line con 0
exec-timeout 0 0
password password
login
line aux 0
line vty 0 4
password password
login
!
!
!
end

hostxx01#

 

[jeter]

can you rdp from the inside of the network?

Go Army!
Tek-TIP Member 19,650

 

[aneelley]

Uncertain as I only have a couple of ESX servers over there with the Windows server.

 

[aneelley]

bump

 

[burtsbees]

Give a topology.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[aneelley]

<corporate network>-<my router>-<my switch>-<my hosts>

my desktop is also on the corporate network side of the router. I have static IP addresses for the hosts inside the router. Let me know if you need anything else.

 

[burtsbees]

I'm guessing that you're natting from private to private because in your unique situation, you have a lab that you wanted to separate from the corporate nw, and you didn't want to bother the corporate nw guys with natting your lab addresses to get out to the internet...right?

Anyway, the only thing that I can think of is clearing nat xlates...

router#clear ip nat trans * and then you may have to PAT, setting up remote access using something other than RDP, as it uses only one TCP port (3389)---you cannot NAT to the same port twice. OR, you can KRON to clear xlates every minute. OR, you may have to RDP to a server, and PAT like

ip nat inside source static tcp 192.168.220.3 3389 int fa0/0 3389

and not use all the secondary addresses. In that case, you could NAT to a loopback and use ip unnumbered for fa0/0...

int lo0
ip add 10.61.32.58 255.255.255.255
ip nat out
!
int fa0/0
ip add unnum int lo0
no shut
!
ip nat inside source static 192.168.220.0 0.0.0.255 int lo0

OR (preferred)

ip nat inside source static tcp 192.168.220.3 3389 int lo0 3389

in which case 192.168.220.3 would be your "RDP" server

Try clearing NAT xlates and then see if it works before doing any config changes. If that works, the simplest thing would be to KRON clearing xlates...

router(config)#kron occurrence EVERY_MINUTE in 001 recurring
router(config-kron-occurrence)#policy-list CLEAR_XLATES
router(config-kron-occurrence)#exit
router(config)#kron policy-list CLEAR_XLATES
router(config-kron-policy)#cli clear ip nat trans *
router(config-kron-policy)#end
router#wr

This will clear xlates every minute, recurring. "?" through the kron to see more options (like daily would be 1:0:0, every 3 hours would be either 180 or 0:3:0, etc.).

/




tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!