07-05-2013 01:45 PM - edited 03-11-2019 07:07 PM
Hello,
I had an ASA5505 running OK with port mapping for few servers from the outside interface to the inside to enable remote desktop.
I then added the commands necessary to enable WAN failover though another ISP. once I had this running and tested OK, port mapping stopped working.
I have verified that I am still on the main ISP when we tried remote desktop (since I haven't added the necessary lines yet).
Attached is the current configuration (with WAN failover working but not port mapping). Just to confirm, I haven't made any changes to port mapping so it should still run if we are still on the main (old) ISP with no change in IP addressing.
Please help
regards,
Talal
Solved! Go to Solution.
07-05-2013 09:54 PM
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit icmp any any source-quench
access-list 101 extended permit icmp any any unreachable
access-list 101 extended permit icmp any any time-exceeded
access-group 101 in interface outside
access-group 101 in interface VSAT
If this is for RDP... It will not work,
You are just allowing some ICMP messages,
Change the ACLs as required and u should be fine
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
07-05-2013 09:54 PM
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit icmp any any source-quench
access-list 101 extended permit icmp any any unreachable
access-list 101 extended permit icmp any any time-exceeded
access-group 101 in interface outside
access-group 101 in interface VSAT
If this is for RDP... It will not work,
You are just allowing some ICMP messages,
Change the ACLs as required and u should be fine
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
07-06-2013 07:57 AM
Hello,
I managed to fix this by allowing the port numbers associated with each virtual server.
An example would look like this:
access-list 101 extended permit tcp any host xxx.xxx.xxx.211 eq 10003
best regards,
07-06-2013 12:31 PM
Hello,
Exactly, that'w what you were missing,
any other question, otherwise mark the question as answered
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: