HELP configurazione protezione rete Soho 97

[sacc82]

Salve a tutti!
mi trovo davanti ad una situazione piuttosto insolita.
Non riesco a capire come mai dall'esterno se vado in RDP con un Client Desktop Remoto sul mio IP pubblico, il router reindirizzi la porta RDP ad un host della LAN, (in questo caso a 192.168.10.2).
vi posto la configurazione, perchè sembra che tutto le richieste esterne a questo router, "natti" tutto a 192.168.10.2.
Vi chiedo gentilmente di darmi una mano.. sicuramente c'è un errore grande come una casa che mi sfugge.
Vi ringrazio..

Il router è un Soho 97

Codice: Seleziona tutto

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 20
no logging buffered
enable secret 5 *********************
!
username CRWS_Ulags privilege 15 password 7 **********
ip subnet-zero
ip name-server 85.37.17.44
ip name-server 151.99.125.1
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp excluded-address 192.168.10.100 192.168.10.254
!
ip dhcp pool CLIENT
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.254
   dns-server 192.168.10.1
   lease 0 2
!
!
no aaa new-model
!
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
 no ip mroute-cache
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 ip address negotiated
 ip access-group 105 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname *****
 ppp chap password 7 **************
 ppp pap sent-username ***** password 7 **************
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static udp 192.168.10.2 1701 interface Dialer1 1701
ip nat inside source static tcp 192.168.10.2 1723 interface Dialer1 1723
ip nat inside source static esp 192.168.10.2 interface Dialer1
!
!
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
access-list 105 deny   tcp any any eq telnet
access-list 105 permit ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 password 7 **************
 login
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!

[Wizard]

Intanto configura la access-list 105 come Dio comanda e non con un permit ip any any...!

[sacc82]

quindi imposto :

access-list 105 deny tcp any any eq telnet
access-list 105 deny ip any any

e dovrebbe essere a posto?
le righe di ip nat inside ovvero:

ip nat inside source static udp 192.168.10.2 1701 interface Dialer1 1701
ip nat inside source static tcp 192.168.10.2 1723 interface Dialer1 1723
ip nat inside source static esp 192.168.10.2 interface Dialer1

funzioneranno ancora?

[Wizard]

No non va bene!

Codice: Seleziona tutto

no access-l 105
access-l 105 permit esp any any
access-l 105 permit udp any any eq 1701
access-l 105 permit tcp any any eq 1723
access-l 105 deny ip any any log

Ricordati prima però di configurare ip inspect senò poi nn esci +

[sacc82]

scusami del ritardo, ma grazie mille del tuo aiuto!
ora dovrebbe essere tutto ok!