RDP Config on two gateways please help

Post by Joseph » Tue May 13, 2008 8:18 am

Hello,

Trying to get a server to respond on an RDP session but is on another router


Server Config:

IP: 10.222.221.1
SBmask 255.255.255.0
Gtway 10.222.221.254


other router is the one that is allowing internet access here is the config on that

ip address 66.236.235.xxx 255.255.255.248 secondary
ip address 10.222.221.249 255.255.255.0
ip nat inside
no ip route-cache
no keepalive
speed auto
no cdp enable

How do I get this server to see an RDP coming from the public IP? Add the other gateway? 10.222.221.249?

We currently have this config also:

ip nat inside source list 1 interface Serial0 overload
ip nat inside source static tcp 66.236.235.xxx 3389 10.222.221.1 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 10.222.223.0 255.255.255.0 10.222.221.132
no ip http server


Note: both ethernet cards on the routers are plugged into the same switch

Thanks
Joseph
Joseph
 
Posts: 28
Joined: Thu Aug 30, 2007 3:10 pm
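
Added example, not part of the original thread: a short Python check that reads the configuration lines from the post above and reports what a reviewer would look at first in a published RDP forward. It assumes the standard IOS argument order for `ip nat inside source static tcp` (inside-local address and port first, then inside-global address and port); the function names and finding codes are hypothetical.

```python
import ipaddress
import re

# Lines copied from the first post; "xxx" is the poster's own redaction.
ROUTER_CONFIG = """\
ip address 66.236.235.xxx 255.255.255.248 secondary
ip address 10.222.221.249 255.255.255.0
ip nat inside
ip nat inside source list 1 interface Serial0 overload
ip nat inside source static tcp 66.236.235.xxx 3389 10.222.221.1 3389 extendable
"""
SERVER_GATEWAY = "10.222.221.254"  # default gateway configured on the server

# IOS order: static <proto> <inside-local ip> <port> <inside-global ip> <port>
STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", re.M)
INTERFACE_IP = re.compile(r"^ip address (\S+) (\S+)(?: secondary)?[ \t]*$", re.M)


def parse_ip(text):
    """Return an address object, or None for a redacted value like 66.236.235.xxx."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def inside_interfaces(config):
    """Parseable addresses on the interface shown (it carries `ip nat inside`)."""
    return [ipaddress.ip_interface(f"{addr}/{mask}")
            for addr, mask in INTERFACE_IP.findall(config)
            if parse_ip(addr) is not None]


def audit(config, server_gateway):
    """Return (code, message) findings for the static NAT entries in config."""
    findings, inside = [], inside_interfaces(config)
    for proto, local, lport, glob, gport in STATIC_NAT.findall(config):
        local_ip = parse_ip(local)
        if local_ip is None or not any(local_ip in i.network for i in inside):
            findings.append(("local-not-inside", f"inside-local {local} is not on "
                             f"an inside subnet; check its order against {glob}"))
        if "3389" in (lport, gport):
            findings.append(("rdp-published", f"{proto}/3389 is forwarded from outside"))
    if parse_ip(server_gateway) not in [i.ip for i in inside]:
        findings.append(("gateway-mismatch", f"server gateway {server_gateway} is not "
                         "this router; replies must be routed back through it"))
    return findings


if __name__ == "__main__":
    for code, message in audit(ROUTER_CONFIG, SERVER_GATEWAY):
        print(f"{code}: {message}")
```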

Post by movrshakr » Tue May 13, 2008 5:38 pm

I'm not sure I can help because I know nothing about RDP. But I don't understand your network. The gateway address 10.222.221.254 you have on your server is not the machine you say is the internet access router 10.222.221.249. And route the 10.....net to the 66....
movrshakr
 
Posts: 20
Joined: Mon Sep 24, 2007 7:21 pm

Post by Joseph » Tue May 13, 2008 6:27 pm

Thanks for the reply,

You are correct, the gateway you see at 254 is another router that is on the same subnet. This router is a PPP to another building. They are tied together by a 24 port switch on the ethernet side.

RDP is Remote Desktop. I didn't create this network and I am having trouble with it.

66 is the public IP I was told that the 10.222.221.254 router has a route in it that sends all internet traffic to/through 10.222.221.249

Can this really be done?

I am trying to get the server exposed to the opened port 3389

How can I do this? Add the 10.222.221.249 as a gateway in the advanced section of the NIC?

Thank you
Joseph
Joseph
 
Posts: 28
Joined: Thu Aug 30, 2007 3:10 pm

Post by movrshakr » Tue May 13, 2008 7:42 pm

OK that explains that, but the whole topology/addressing of the different nets/subnets is very confusing. I don't understand the hookups with the PPP mention, and is the RDP supposed to come from "the other building" or from the internet, and.....???? And which machines are to receive those packets? What is connected to the switches? Are they segmented? Level 2 or 3? Too many questions.

Here's an important point: is other non-RDP traffic getting through OK between the machines that need RDP? If not, then work that first with http or ftp or simple things to be sure the physical connectivity and routing and addressing works.

It is clear that someone has left you with a fairly complex environment, and I'm afraid I am not able to sort it out. You may need some on-site help.
movrshakr
 
Posts: 20
Joined: Mon Sep 24, 2007 7:21 pm

Post by Joseph » Tue May 13, 2008 8:28 pm

Hello Thanks again

Ok I can answer a lot of your questions but I agree this is not an easy network to understand. Actually I have never had to deal with this type of mess before.

Here is what I know:
There are four routers in all.

Building (A) has all internet access through one router. This is the router I showed the config on.
There is another router with the config of what I cannot see that has the default gateway of
10.222.221.254 This is all I know about this router except its DSC/CSU side is to the other building

We will call Building (B) via a PPP

There is another router in another building Building (C). This is also connecting to this one via the same switch.

All PC's and servers have internet access and all PC's are on this same subnet except the 10.222.223.1 actually no need to worry about this one

However the ones that are on 10.222.221.0 all have the gateway 10.222.221.254
and all pc's and servers can connect to each other RDP or by any means e.g. browser, ping etc...

Switch is not on a layer basic Linksys 24 port

So what they accomplished was to link three buildings together and they did it in a sloppy way.
However I need to RDP via the internet from a location outside the network to any address on the subnet 10.222.221.0

So If I were to completely simplify this.... a Port Forward to 10.222.221.1 or any 221.xxx would be nice.

Now would setting the default gateway to .249 still allow access to building B?

Thanks I know this is awful and I am feeling it too.

Joseph
Joseph
 
Posts: 28
Joined: Thu Aug 30, 2007 3:10 pm

Post by movrshakr » Tue May 13, 2008 8:59 pm

Deciphering...
1. Internet access from all buildings goes out the router which is on the 10.222.221.0 net at address .254?

2. Internet access to all machines on the 10.222.221.0 net works?

3. You need to RDP from internet into machines on the 10.222.221.0 net which are already receiving IP (say TCP) traffic? If so, then the connectivity and routing is OK UNLESS THE RDP PROTOCOL OR PORT IS NOT ALLOWED THROUGH.

4. If above is correct, you do not need to add another gateway. (Normally, in 95% of circumstances, a net will need only one default gateway to go to other nets.)

So, IF IP traffic is getting to/from the machines you want to see the RDP, then the issue is getting RDP to route through the 10.222.221.254 router and any other intervening routers between there and the "using" workstations.

Is RDP even a routable protocol? I don't know...RDP illiterate here. If it is, then something in the router(s) is blocking it, because you already know IP is getting from outside to the machine--so RDP will get there unless it is blocked. Is it as simple as being sure that port you mentioned is not getting blocked by a router(s) or firewall somewhere in the system? You hadn't mentioned a firewall. That could be it too if it is an access list in router or firewall software in the end machines or in the source machine.

Gotta go to sleep now, and busy all tomorrow...won't be back on until tomorrow night at earliest. Sorry to abandon you. Maybe someone else can jump in with some ideas here.
movrshakr
 
Posts: 20
Joined: Mon Sep 24, 2007 7:21 pm

Post by Joseph » Tue May 13, 2008 9:18 pm

Hello movrshakr


You have answered my problem perfectly. Your deciphering is correct.

I will try tomorrow at this location and see what I can get.


Thanks again I will post back with an answer tomorrow night.

Joseph
Joseph
 
Posts: 28
Joined: Thu Aug 30, 2007 3:10 pm
