NATing Remote Desktop to multiple custom ports.

[gfgkemp]

Hi, I’m having a problem NATing Remote Desktop through to custom ports. We have an IP390 with R62 at a remote location which is protecting a customer system. To manage the servers in the system we need to be able to connect with Microsoft Remote Desktop.

However, for security and because of a lack of available external public IP addresses at the remote location we want allow RDP access to multiple servers using one public IP address and multiple custom ports.

For example 100.0.0.1:8000 NATs to port 3389 on server A and 100.0.0.1:8001 NATs to port 3389 on server B.

I have two NAT rules setup for each server, one allows the initial connection and the other is the return rule as in the attached image but with a different custom port for each machine.

When this was first implemented connecting to the remote public IP and custom port worked and traffic could be seen in the logs. However, for some unknown reason the connection seems to have hung, no new connections could be made and the log on the firewall stopped reporting any of the expected entries and I don't even get any dropped packets being reported.

Has anyone come across this before or do I have a problem with the NAT rules?

Thanks

Graham

[nandushankar]

Hi

any -> 100.0.0.1 -> 8000 Destination:A -> service 3389

A > any -> 3389 -> original -> original -> service 8000

Please try this and get back

[gfgkemp]

Thanks for the reply. Unfortunately I have the translations working on one of the firewalls I manage the original way I put in my post. For some unknown reason both this way and the method you suggested do not work on the new system I’ve just configured.

What i'm seeing is, with the translated ports i can make one sucessful connection then nothing, I don't even get any dropped packets.

[gfgkemp]

This was resolved by configuring the proxy ARP address on the Nokia Voyager for the external IP i wanted to NAT multiple ports for.