Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1691
Views
0
Helpful
5
Replies

Asa 5506-x RDP gateway

vlietd
Level 1
Level 1

‎07-29-2018 03:59 AM - edited ‎02-21-2020 08:01 AM

Hi all

I know there are really a lot of topics about RDP and config on a asa 5506-x

But i try them almost all.

I want to setup a RDP gateway from a ip of a server in a data center back to the office.

Don't want RDP open voor the compleet world only from the ip of the server in the data center so that only users with a DC account on the data sever in the data center can use it.

No account no RDP back home.

But im compleet stuck i do a tracert from the data center back home it stops on the first hope that is normaly the gateway so that is oke but then the asa and can't conect with rdp

Provider has no ports blockt and the asa outside is in bridge mode (Vlan998)

And no windows firewalls close.

I know i do something rong on the asa but can not see it.

 

Config asa 3 lines also 3 separate vlans outside and 5 Vlans on the inside

 

The id 

Rdp from data center to vlan 998 then inside to a server in vlan 45 

 

If somebody can point me in the right derection

Preview file
27 KB
0 Helpful
5 Replies 5

Dennis Mink
VIP Alumni
VIP Alumni

‎07-29-2018 06:45 PM

so how does the DC connect to your FW? over the internet? in which case are you using a VPN?

 

 

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

vlietd
Level 1
Level 1
In response to Dennis Mink

‎07-29-2018 11:46 PM

Hi Dennis thx for respone.

The servers in the data centers have there own DC.and is a sub office

The RDP server there has his own internet so want to connect the office domein with rdp on port 3389.

Annyconct we use only to admin the servers basic and conect from home

rdp server is 81.xx.xx.xx 

Fw is 62.xx.xx.xx with vlan 998

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni
In response to vlietd

‎07-30-2018 06:16 AM

Still dont fully understand the setup, but it looks like you could do a simple static NAT/port forward on port 3389 for RDP and use an access list to allow only the public IP address of the trusted source to connect on RDP inbound. 

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

vlietd
Level 1
Level 1
In response to Dennis Mink

‎07-30-2018 07:50 AM 

nat (VLAN998,VLAN45) source static OBJ-STRATO OBJ-STRATO destination static OBJ-NET-HOST-10.10.45.107 OBJ-NET-HOST-10.10.45.107 service OBJ-SRV-TCP-3389 OBJ-SRV-TCP-3389
access-list RDP extended permit tcp any host 10.10.45.107 eq 3389


Hi Dennis thx

Both are already in the config eff put it for test to any30-07-2018 16-49-28.png

But eff then it runs dead

0 Helpful

vlietd
Level 1
Level 1
In response to vlietd

‎07-30-2018 08:03 AM

New config but still not working

Preview file
27 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card