Have issue for access internal RDP server

jackyli1031 — Tue, 12 Mar 2019 02:18:28 GMT

Hi All

Problem again. Hope you all can help to solve.

I have internal server 10.200.13.1 for RDP access. But base on below config not are work.

Also if bypass this firewall can work.

: Saved

ASA Version 8.2(5)

hostname mkofficefw01

enable password XwzHd4VCVqrxvrzG encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

interface Ethernet0/0

nameif HGC_BB

security-level 0

ip address 10.10.10.1 255.255.255.0

interface Ethernet0/1

description MK_Office_206

nameif MK_206

security-level 100

ip address 10.206.0.253 255.255.254.0

interface Ethernet0/2

description MK_Office_207

nameif MK_207

security-level 100

ip address 10.207.0.253 255.255.255.0

interface Ethernet0/3

no nameif

no security-level

no ip address

interface Management0/0

nameif management

security-level 100

ip address 172.32.1.1 255.255.255.0

management-only

ftp mode passive

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list mk206_inside extended permit ip any any

access-list mk207_inside extended permit ip any any

access-list HGC_outside extended permit ip any any

access-list inside_nat_206_outbound extended permit ip any 10.206.0.0 255.255.254.0

access-list inside_nat_206_outbound extended permit ip 10.206.0.0 255.255.254.0 10.207.0.0 255.255.255.0

access-list inside_nat_206_outbound extended permit ip 10.206.0.0 255.255.254.0 10.201.0.0 255.255.0.0

access-list inside_nat_206_outbound extended permit ip 10.206.0.0 255.255.254.0 10.202.0.0 255.255.0.0

access-list inside_nat_206_outbound extended permit ip 10.206.0.0 255.255.254.0 10.204.0.0 255.255.0.0

access-list inside_nat_206_outbound extended permit ip 10.206.0.0 255.255.254.0 10.205.0.0 255.255.0.0

access-list inside_nat_206_outbound extended permit ip 10.206.0.0 255.255.254.0 10.210.0.0 255.255.0.0

access-list inside_nat_206_outbound extended permit ip 10.206.0.0 255.255.254.0 10.200.13.0 255.255.255.0

access-list inside_nat_207_outbound extended permit ip any 10.207.0.0 255.255.255.0

access-list inside_nat_207_outbound extended permit ip 10.207.0.0 255.255.255.0 10.200.0.0 255.255.0.0

access-list inside_nat_207_outbound extended permit ip 10.207.0.0 255.255.255.0 10.201.0.0 255.255.0.0

access-list inside_nat_207_outbound extended permit ip 10.207.0.0 255.255.255.0 10.202.0.0 255.255.0.0

access-list inside_nat_207_outbound extended permit ip 10.207.0.0 255.255.255.0 10.204.0.0 255.255.0.0

access-list inside_nat_207_outbound extended permit ip 10.207.0.0 255.255.255.0 10.205.0.0 255.255.0.0

access-list inside_nat_207_outbound extended permit ip 10.207.0.0 255.255.255.0 10.210.0.0 255.255.0.0

access-list inside_nat_207_outbound extended permit ip 10.207.0.0 255.255.255.0 10.206.0.0 255.255.254.0

pager lines 24

logging asdm informational

mtu HGC_BB 1500

mtu MK_206 1500

mtu MK_207 1500

mtu management 1500

icmp unreachable rate-limit 1 burst-size 1

icmp permit any HGC_BB

icmp permit any MK_206

icmp permit any MK_207

no asdm history enable

arp timeout 14400

global (HGC_BB) 1 interface

nat (MK_206) 0 access-list inside_nat_206_outbound

nat (MK_206) 1 10.206.0.0 255.255.252.0

nat (MK_206) 10 0.0.0.0 0.0.0.0

nat (MK_207) 0 access-list inside_nat_207_outbound

nat (MK_207) 1 10.207.0.0 255.255.255.0

nat (MK_207) 10 0.0.0.0 0.0.0.0

access-group HGC_outside in interface HGC_BB

access-group mk206_inside in interface MK_206

access-group mk207_inside in interface MK_207

route HGC_BB 0.0.0.0 0.0.0.0 10.10.10.2 1

route MK_206 10.200.0.0 255.255.0.0 10.206.0.254 1

route MK_206 10.201.0.0 255.255.0.0 10.206.0.254 1

route MK_206 10.202.0.0 255.255.0.0 10.206.0.254 1

route MK_206 10.204.0.0 255.255.0.0 10.206.0.254 1

route MK_206 10.205.0.0 255.255.0.0 10.206.0.254 1

route MK_206 10.210.0.0 255.255.0.0 10.206.0.254 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

aaa authentication telnet console LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto ca trustpoint _SmartCallHome_ServerCA

crl configure

telnet 10.0.0.0 255.0.0.0 management

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 HGC_BB

ssh 10.0.0.0 255.0.0.0 management

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

username maxline password AxVGTgY4NjA2d3H8 encrypted privilege 15

class-map inspection_default

match default-inspection-traffic

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

inspect icmp

inspect icmp error

service-policy global_policy global

prompt hostname context

call-home reporting anonymous

Cryptochecksum:c8df6eda8684cac25cc5a0e927f9b39a

: end

Thank for your help !!!

Jacky

Have issue for access internal RDP server

Julio Carvajal — Mon, 29 Jul 2013 07:12:08 GMT

From which IP are you trying to access it?

Also what's the IP address you are putting into the RDP session? The real IP address for the server?

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Have issue for access internal RDP server

jackyli1031 — Mon, 29 Jul 2013 07:38:02 GMT

sorry for my missing

is from mk_206(inside) to 10.200.13.1(inside)

Thank

Jacky

topic Have issue for access internal RDP server in Network Security

Have issue for access internal RDP server

Have issue for access internal RDP server

Have issue for access internal RDP server