Allowing RDP through Cisco ASA 5506

catdaddy6012
Level 1

Hello community,

I am running the Cisco Adaptive Security Appliance Software version 9.5(1) and I want to allow RDP from any outside IP to an inside server. I got help last week opening some ports for software so I figured I could use the same method to allow RDP. Well, everything worked great (Thanks Kornelia Gutierrez) except for RDP. This is the command that I used for the access-list for RDP:

access-list RDP extended permit tcp any host X.X.X.X eq ######

X.X.X.X = IP of internal server. ###### = We don't use the standard port for RDP.

Then I applied it to the outside interface coming in: access-group RDP in interface outside

Does anybody see anything that I'm doing wrong? Thanks in advance. -Tony

3 Replies

jagraaga
Cisco Employee

Hi Tony,

What is the NAT configuration for this server on ASA?

Please make sure that you apply the internal IP of the RDP server in the access-list.

To verify why the traffic is not working, please use packet-tracer on ASA.

#packet-tracer input outside tcp <source-IP> <random-port> <destination-IP> <destination-port> detailed

Please make sure you use the public IP of the server for destination address.

This should point out why the traffic is getting dropped.

Regards,

Jagrati

This is the NAT config (by the way, this is new to me as I just received my CCNA but I've never worked with the ASAs):

object network obj-x.x.x.x
 host X.X.X.X

object network INSIDE
 host X.X.X.X

object network obj-X.X.X.X
 nat (inside,outside) static Y.Y.Y.Y service tcp #####

X.X.X.X = Internal IP of server. Y.Y.Y.Y = IP on the outside.

interface

Hi,

The NAT configuration and access-list look fine to me.

Please paste the output of the command below so we can find the issue.

#packet-tracer input outside tcp <source-IP> <source-port> <destination-IP> <destination-port> detailed

source-IP - source from which the traffic is initiated

source-port - use any random port (e.g. 45432)

destination-IP - Y.Y.Y.Y (the public IP for RDP)

destination-port - the port on which you initiate the traffic

Regards,

Jagrati
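The two checks in the replies above (on ASA 8.3 and later the inbound access-list must reference the server's real/internal IP and port, while packet-tracer is run against the public IP and port) shown as an added Python model; this is not code from this thread or from Cisco, and the addresses, ports and the two-phase simplification are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class StaticNat:
    """object network ... nat (inside,outside) static <mapped> service tcp <real_port> <mapped_port>"""
    real_ip: str
    real_port: int
    mapped_ip: str
    mapped_port: int


@dataclass(frozen=True)
class Ace:
    """One 'access-list <name> extended permit tcp <src> <dst> eq <port>' entry (8.3+: real IP/port)."""
    src: str       # "any" or a host/CIDR string
    dst: str
    dst_port: int


def _matches(spec: str, ip: str) -> bool:
    return spec == "any" or ip_address(ip) in ip_network(spec, strict=False)


def packet_tracer(nats, acl, src_ip, dst_ip, dst_port):
    """Simplified model of 'packet-tracer input outside tcp ...' for an inbound flow.
    Only the UN-NAT phase and the inbound ACL phase are modelled; returns (verdict, phases)."""
    phases = []
    real_ip, real_port = dst_ip, dst_port
    for n in nats:
        if (n.mapped_ip, n.mapped_port) == (dst_ip, dst_port):
            real_ip, real_port = n.real_ip, n.real_port
            phases.append(f"UN-NAT: {dst_ip}/{dst_port} -> {real_ip}/{real_port}")
            break
    else:
        phases.append("UN-NAT: no static translation for this destination")
    # ACL on the outside interface is evaluated against the REAL (post-UN-NAT) address and port.
    for ace in acl:
        if _matches(ace.src, src_ip) and _matches(ace.dst, real_ip) and ace.dst_port == real_port:
            phases.append(f"ACCESS-LIST: permit by {ace.src} -> {ace.dst} eq {ace.dst_port}")
            return "ALLOW", phases
    phases.append("ACCESS-LIST: no match, implicit deny")
    return "DROP", phases


# Constructed placeholder values: inside server 10.0.0.25:3389 published as 203.0.113.10:33389.
NAT = [StaticNat("10.0.0.25", 3389, "203.0.113.10", 33389)]
ACL_REAL = [Ace("any", "10.0.0.25/32", 3389)]        # real IP and real port: correct on 8.3+
ACL_MAPPED = [Ace("any", "203.0.113.10/32", 33389)]  # public IP/port in the ACL: never matches

if __name__ == "__main__":
    for name, acl in (("real", ACL_REAL), ("mapped", ACL_MAPPED)):
        verdict, phases = packet_tracer(NAT, acl, "198.51.100.7", "203.0.113.10", 33389)
        print(name, verdict, *phases, sep="\n  ")
```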
