Enabling Particular RDP Port ASA 8.6

alap84 — Tue, 12 Mar 2019 03:13:21 GMT

Hi Experts

i am very beginneer in ASA & firewalling, i just want to enable RDP port 60892 for accesing one server outside what i did is

object service rdp

service tcp destination eq 60892

object-group service NET

service-object object rdp

access-list INSIDE_access_in extended permit object-group NET object INSIDE-LAN any ...

is that ok ...

any thing which i m missing ....

also how to check if the traffic is getting drop due to some reason ....

Regards

Re: Enabling Particular RDP Port ASA 8.6

Jouni Forss — Thu, 05 Dec 2013 16:47:51 GMT

Hi,

The configuration doesnt make sense to me atleast.

It seems to me that you are simply allowing traffic from behind "inside" interface to "any" destination IP address with the destination port TCP/60892. These configurations would not allow any connections from Internet to your internal host.

If you are attempting to connect to some internal host from the external network then you will need the NAT configuration and ACL allowing the traffic on your ASAs external interface.

To change the default port you would typically configure Static PAT (Port Forward)

object network RDP-SERVER

host

nat (inside,outside) static interface service tcp 3389 60892

Then you will need to check the ACL attached to your "outside" interface

show run access-group

If you see an ACL attached to the "outside" interface then you should add a rule to that ACL

access-list permit tcp any object RDP-SERVER eq 3389

You would then need to connect from the external network to your ASAs public IP address with the port TCP/60892 for the connection to be forwarded to the local IP address and port TCP/3389 by the NAT configuration.

- Jouni

topic Re: Enabling Particular RDP Port ASA 8.6 in Network Security

Enabling Particular RDP Port ASA 8.6

Re: Enabling Particular RDP Port ASA 8.6