topic Re: RDP Access problem through ASA5510 FW in Network Security

RDP Access problem through ASA5510 FW

saroj pradhan — Mon, 11 Mar 2019 22:29:12 GMT

i am using Cisco ASA5510 Firewall in my Network in the distrubition Layer .

Private Range of Network Address use in the Network and PAT at the FW for address translation.

presently encountering an issue the users behind the FW in my network unable to RDP at port 2000 presented at the Client Network.

Able to Telnet on port2000 but not RDP .

Please advice any changes needed at the FW end to get the RDP Access.

Thanks,

Saroj

RDP Access problem through ASA5510 FW

Julio Carvajal — Tue, 14 Feb 2012 01:10:36 GMT

Hello,

We need more information!!

Where are the clients? On the trusted or untrusted zone

Where is the RDP server?

Please post your configuration ( with some changes of course due to security purposes)

Julio

Re: RDP Access problem through ASA5510 FW

saroj pradhan — Tue, 14 Feb 2012 01:30:29 GMT

My users are behind the ASA Firewall in my Network and trying to access the Server through RDP the server Location is at USA.

No idea about client environment but the RDP works in Internet dada card, Through Checkpoint FW and Sonicwall Firewall .

Enclosed the Config File of ASA,

Thanks,

Saroj

Re: RDP Access problem through ASA5510 FW

Julio Carvajal — Tue, 14 Feb 2012 01:38:48 GMT

Please provide following:

packet-tracer input inside tcp x.x.x.x (inside_user_Ip) 1025 y.y.y.y(RDP_server_ip) 2000

Regards,

Re: RDP Access problem through ASA5510 FW

saroj pradhan — Tue, 14 Feb 2012 01:45:59 GMT

Please find the report.

Netlink-OS-ASA# packet-tracer input inside tcp 172.16.48.213 1025 74.94.242.13$

Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

MAC Access list

Phase: 2

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 0.0.0.0 0.0.0.0 outside

Phase: 4

Type: ACCESS-LIST

Subtype: log

Result: ALLOW

Config:

access-group inside_access_in_1 in interface inside

access-list inside_access_in_1 extended permit ip any any

Additional Information:

Phase: 5

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 6

Type: INSPECT

Subtype: inspect-skinny

Result: ALLOW

Config:

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect skinny

service-policy global_policy global

Additional Information:

Phase: 7

Type: NAT

Subtype:

Result: ALLOW

Config:

nat (inside) 1 Block_FromASA_ThroughUntangle1 255.255.255.192

match ip inside Block_FromASA_ThroughUntangle1 255.255.255.192 outside any

dynamic translation to pool 1 (122.168.191.66 )

translate_hits = 59925, untranslate_hits = 345

Additional Information:

Dynamic translate 172.16.48.213/1025 to 122.168.191.66/29284 using netmask 255.255.255.255

Phase: 8

Type: NAT

Subtype: host-limits

Result: ALLOW

Config:

nat (inside) 1 Block_FromASA_ThroughUntangle1 255.255.255.192

match ip inside Block_FromASA_ThroughUntangle1 255.255.255.192 outside any

dynamic translation to pool 1 (122.168.191.66 )

translate_hits = 59925, untranslate_hits = 345

Additional Information:

Phase: 9

Type: ACCESS-LIST

Subtype: log

Result: ALLOW

Config:

access-group outside_access_out out interface outside

access-list outside_access_out extended permit ip any any

Additional Information:

Phase: 10

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 11

Type: FLOW-CREATION

Subtype:

Result: ALLOW

Config:

Additional Information:

New flow created with id 59535332, packet dispatched to next module

Phase: 12

Type: ROUTE-LOOKUP

Subtype: output and adjacency

Result: ALLOW

Config:

Additional Information:

found next-hop 122.168.191.65 using egress ifc outside

adjacency Active

next-hop mac address 0019.2f8e.c639 hits 29742

Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: outside

output-status: up

output-line-status: up

Action: allow

Thanks,

Saroj

Re: RDP Access problem through ASA5510 FW

Julio Carvajal — Tue, 14 Feb 2012 01:50:02 GMT

Hello Saroj,

everything looks good.

Please do captures in order to troubleshoot this, captures need it on the inside and outside interface.

http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/

http://www.techrepublic.com/blog/networking/easy-packet-captures-straight-from-the-cisco-asa-firewall/1317

Regards,

Re: RDP Access problem through ASA5510 FW

saroj pradhan — Tue, 14 Feb 2012 01:57:59 GMT

I have captured the Log from the ASA While conncting the RDP Server.

Feb 14 2012

07:19:39

302014

74.94.242.139

3389

172.16.51.10

48312

Teardown TCP connection 59541059 for outside:74.94.242.139/3389 to inside:172.16.51.10/48312 duration 0:00:00 bytes 0 TCP Reset-O

Re: RDP Access problem through ASA5510 FW

Julio Carvajal — Tue, 14 Feb 2012 02:01:42 GMT

Hello,

That is all we need.. Reset-O

A reset packet is comming from the outside, that is why we should create a packet-capture, we should have seen those packets comming from the server.

Connection is being closed by the RDP server!

Do rate all the helpful posts!!

Re: RDP Access problem through ASA5510 FW

saroj pradhan — Wed, 15 Feb 2012 01:05:02 GMT

As per your instruction I have configured on the ASA the following command to capture packet but no result.

Showing 0 packet captured while trying with RDP On port 2000 ,

Thanks,

Saroj

access-list capin permit tcp host rdp_client_private_ip host server_outside eq 2000

access-list capin permit tcp host server_outside eq 2000 host rdp_client_private_ip

access-list capout permit tcp host rdp_client_public_ip host server_outside eq 2000

access-list capout permit tcp host server_outside eq 2000 host rdp_client_public_ip

capture capin access-list capin interface inside

capture capout access-list capout interface outside

Re: RDP Access problem through ASA5510 FW

saroj pradhan — Wed, 15 Feb 2012 08:03:13 GMT

i am unbale to capture log due to performance issue .

please find the report.

Netlink-OS-ASA# capture capin access-list capin interface inside real-time dum$

Warning: using this option with a slow console connection may

result in an excessive amount of non-displayed packets

due to performance limitations.

Use ctrl-c to terminate real-time capture

0 packets shown.

0 packets not shown due to performance limitations.

Re: RDP Access problem through ASA5510 FW

saroj pradhan — Wed, 15 Feb 2012 08:34:44 GMT

hello,

please find the output of the capture packet from the inside Interface.

Netlink-OS-ASA# capture capin access-list capin interface inside real-time

Warning: using this option with a slow console connection may

result in an excessive amount of non-displayed packets

due to performance limitations.

Use ctrl-c to terminate real-time capture

1: 13:50:54.278138 [|ip]

2: 13:50:54.592666 [|ip]

3: 13:50:54.593902 [|ip]

4: 13:50:54.594329 [|ip]

5: 13:50:54.594390 [|ip]

6: 13:51:20.340390 [|ip]

7: 13:51:20.340467 [|ip]

8: 13:51:20.657848 [|ip]

9: 13:51:23.381877 [|ip]

10: 13:51:23.696527 [|ip]

11: 13:51:23.697717 [|ip]

12: 13:51:23.698495 [|ip]

13: 13:51:23.698557 [|ip]

14: 13:51:36.024519 [|ip]

15: 13:51:36.024595 [|ip]

16: 13:51:36.345120 [|ip]

17: 13:51:38.761892 [|ip]

18: 13:51:39.074260 [|ip]

19: 13:51:39.075054 [|ip]

20: 13:51:39.075496 [|ip]

21: 13:51:39.075557 [|ip]

22: 13:52:27.816180 [|ip]

23: 13:52:27.816257 [|ip]

24: 13:52:28.132561 [|ip]

25: 13:52:31.949459 [|ip]

26: 13:52:32.265367 [|ip]

27: 13:52:32.266267 [|ip]

28: 13:52:32.267060 [|ip]

29: 13:52:32.267121 [|ip]

29 packets shown.

0 packets not shown due to performance limitations.

Netlink-OS-ASA# sh capture capin access-list capin detail

82 packets captured

0 packet shown

when i tried to capture from outside interface no data shown.

Netlink-OS-ASA# capture capout access-list capout interface outside real-time

Warning: using this option with a slow console connection may

result in an excessive amount of non-displayed packets

due to performance limitations.

Use ctrl-c to terminate real-time capture

0 packets shown.

0 packets not shown due to performance limitations.

RDP Access problem through ASA5510 FW

saroj pradhan — Wed, 15 Feb 2012 13:34:16 GMT

Hello,

please help me resolved the RDP Issue.

RDP Access problem through ASA5510 FW

saroj pradhan — Thu, 16 Feb 2012 10:51:19 GMT

Please help to get a resolution.

ThanKS,

SAROJ