Welcome to Cisco Firewalls Community


Beginner

Can't Remote Desktop

ASA5520 running in 8.4(4)1

A Win2012R2 server can be reached by Windows Remote Desktop in the LAN. I used static NAT to expose it outside and permitted the port in the ACL. Telnet can access the server's RD port at 3389, but Windows RD doesn't work from the Internet. What's wrong with it? Who can kindly help me? Thanks!

VIP Advisor

Re: Can't Remote Desktop

Since we do not see the logs, we cannot confirm what is wrong.

Can you post the logs from while you are connecting from outside to the inside RDP server?

Post the configuration also.

Here is the snippet to work.

==========================

object service RDP
 service tcp source eq 3389
object network inside-host
 host x.x.x.x
nat (inside,outside) source static inside-host interface service RDP RDP

BB
*** Rate All Helpful Responses ***
Beginner

Re: Can't Remote Desktop

Yes, it is the same as yours.

object network new
 host 192.168.0.250
object network new
 nat (inside,outside) static *.*.*.*(a public IP)

Telnet can access ports 3389 or 8082 of the NAT server from the Internet. Explorers can also access the web service at 8082. But Windows RD can't work.
VIP Advisor

Re: Can't Remote Desktop

Just to confirm, does RDP work locally?

BB
*** Rate All Helpful Responses ***
Beginner

Re: Can't Remote Desktop

RD is working well in the LAN
VIP Advisor

Re: Can't Remote Desktop

Hi

Can you share your config please?
Is your issue accessing your RDP over the Internet? If so, can you run the following command and share the output:
packet-tracer input INTERNET tcp 8.8.8.8 12345 RDP-SRV-PUB 3389

Replace INTERNET with the real name of your outside interface and RDP-SRV-PUB with the public IP you're using to access your RDP server.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Beginner

Re: Can't Remote Desktop

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network new2
 nat (inside,outside) static 219.143.34.200
Additional Information:
NAT divert to egress interface inside
Untranslate 219.143.34.200/1234 to 192.168.0.250/1234

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group in in interface outside
access-list in extended permit tcp any any
Additional Information:

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
object network new2
 nat (inside,outside) static 219.143.34.200
Additional Information:

Phase: 7
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:

Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 9
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:

Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 10189590, packet dispatched to next module

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow

By the way, the server RD port has been changed to 1234.
VIP Advisor

Re: Can't Remote Desktop

I'm sorry, the output is not readable. If you can paste it using the reply button instead of quick reply, or put the output into a text file, it would be helpful.

It looks like everything is ok. Can you share your config and can you run the command using the real RDP port please?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
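
Added example, not part of the thread and not Cisco tooling: a Python sketch that splits a packet-tracer trace (flattened onto one line, as pasted above, or in its normal multi-line form) back into phases, lists any phase that did not return ALLOW, and reports which address/port pair the UN-NAT phase actually tested. The sample trace is constructed, its addresses are documentation placeholders, and the function names are this example's own.

```python
import re

# Constructed sample: a shortened trace in the flattened single-line form
# seen in the thread. Addresses are documentation placeholders.
SAMPLE = (
    "Phase: 1 Type: UN-NAT Subtype: static Result: ALLOW Config: "
    "object network srv nat (inside,outside) static 203.0.113.10 "
    "Additional Information: NAT divert to egress interface inside "
    "Untranslate 203.0.113.10/3389 to 192.168.0.250/3389 "
    "Phase: 2 Type: ACCESS-LIST Subtype: Result: DROP Config: Implicit Rule "
    "Additional Information: "
    "Result: input-interface: outside input-status: up "
    "output-interface: inside output-status: up Action: drop "
    "Drop-reason: (acl-drop) Flow is denied by configured rule"
)

PHASE = re.compile(
    r"Phase: (?P<num>\d+) Type: (?P<type>\S+) Subtype: (?P<subtype>.*?) ?"
    r"Result: (?P<result>\S+) Config: (?P<config>.*?) ?"
    r"Additional Information: ?(?P<info>.*?)(?= Phase: \d+ |$)"
)

def parse_trace(raw):
    """Return (phases, action) from flattened or multi-line packet-tracer text."""
    text = " ".join(raw.split())                     # collapse all whitespace
    head, _, tail = text.partition(" Result: input-interface:")
    phases = [m.groupdict() for m in PHASE.finditer(head)]
    action = re.search(r"Action: (\w+)", tail)
    return phases, action.group(1) if action else None

def blocking_phases(phases):
    """Phases whose result is anything other than ALLOW."""
    return [p for p in phases if p["result"] != "ALLOW"]

def untranslated(phases):
    """(public ip/port, real ip/port) taken from the UN-NAT phase, if present."""
    for p in phases:
        m = re.search(r"Untranslate (\S+) to (\S+)", p["info"])
        if p["type"] == "UN-NAT" and m:
            return m.group(1), m.group(2)
    return None

if __name__ == "__main__":
    phases, action = parse_trace(SAMPLE)
    print("action:", action, "| tested mapping:", untranslated(phases))
    for p in blocking_phases(phases):
        print(f"phase {p['num']} {p['type']} -> {p['result']} ({p['config']})")
```

Comparing the port in the reported mapping with the port the service really listens on shows whether the trace exercised the rule that matters.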