I have one configured NAT and ACL for RDP to a server. When I test with Packet Tracer the results show a dropped packet, but in reality the policies work properly. I can RDP from outside to inside no problem. Why does Packet Tracer show the test result as drop? Am I not performing the test properly?
packet-tracer input outside tcp 188.8.131.52 3389 172.16.20.33 3389
MAC Access list
Subtype: Resolve Egress Interface
found next-hop 172.16.20.33 using egress ifc inside
access-group outside_access_in in interface outside
access-list outside_access_in extended permit object rdp any object Server1
match access-list sfr
service-policy global_policy global
nat (outside,inside) source static any any destination static interface Server1 service rdp rdp
Drop-reason: (acl-drop) Flow is denied by configured rule
You need to specify the NATed IP of the server, not the private IP. Then you should see a successful result.
Please remember to select a correct answer and rate helpful posts
You get a final drop because it seems that you have an asymmetrical NAT issue.
PS: Please don't forget to rate and mark as correct answer if this answered your question
EDIT: I didn't look at your command and everyone is right, you need to put your public IP and you'll have a success result instead of rpf-check drop
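The check the answers describe, as an added example that is not part of the original thread: a small Python lint that reads the NAT rule and the packet-tracer command from the question and flags a trace aimed at the real (post-NAT) address instead of the mapped one. The `OBJECTS` mapping and the function name `check_trace` are assumptions made for this example; the thread does not show the object definition for Server1.

```python
import re

# Lines copied from the question in this thread.
NAT_LINE = ("nat (outside,inside) source static any any "
            "destination static interface Server1 service rdp rdp")
TRACE = "packet-tracer input outside tcp 188.8.131.52 3389 172.16.20.33 3389"

# Assumed for this example: Server1 resolves to the address seen in the trace.
OBJECTS = {"Server1": "172.16.20.33"}

# Twice-NAT destination clause order is: mapped object, then real object.
NAT_RE = re.compile(
    r"nat \((?P<in_if>\S+),(?P<out_if>\S+)\) source static \S+ \S+ "
    r"destination static (?P<mapped>\S+) (?P<real>\S+)")
TRACE_RE = re.compile(
    r"packet-tracer input (?P<ifc>\S+) (?:tcp|udp) "
    r"(?P<sip>\S+) (?P<sport>\d+) (?P<dip>\S+) (?P<dport>\d+)")


def check_trace(trace_cmd, nat_lines, objects):
    """Return warnings for traces that target the real IP behind a destination NAT."""
    t = TRACE_RE.match(trace_cmd.strip())
    if t is None:
        raise ValueError("not a tcp/udp packet-tracer command")
    warnings = []
    for line in nat_lines:
        n = NAT_RE.match(line.strip())
        # Only rules whose first interface is the trace's ingress interface apply.
        if n is None or n["in_if"] != t["ifc"]:
            continue
        real_ip = objects.get(n["real"], n["real"])
        if t["dip"] != real_ip:
            continue
        if n["mapped"] == "interface":
            target = f"the {t['ifc']} interface address"
        else:
            target = objects.get(n["mapped"], n["mapped"])
        warnings.append(
            f"destination {real_ip} is the real address of {n['real']}; "
            f"trace to {target} instead")
    return warnings


if __name__ == "__main__":
    for w in check_trace(TRACE, [NAT_LINE], OBJECTS):
        print("WARNING:", w)
```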