07-06-2016 07:07 AM - edited 03-12-2019 12:59 AM
Hello community,
I am running the Cisco Adaptive Security Appliance Software version 9.5 (1) and I want to allow RDP from any outside IP to an inside server. I got help last week opening some ports for software so I figured I could use the same method to allow RDP. Well everything worked great (Thanks Kornelia Gutierrez) except for RDP. This is the command that I used for the access-list for RDP:
access-list RDP extended permit tcp any host X.X.X.X eq ######
X.X.X.X = IP of internal server. ###### = We don't use the standard port for RDP
Then I applied it to the outside interface coming in: access-group RDP in interface outside
Does anybody see anything that I'm doing wrong? Thanks in advance. -Tony
07-06-2016 07:40 AM
Hi Tony,
What is the NAT configuration for this server on ASA?
Please make sure that you apply the internal IP of the RDP server in the access-list.
To verify why the traffic is not working, please use packet-tracer on ASA.
#packet-tracer input outside tcp <source-IP> <random-port> <destination-IP> <destination-port> detailed
Please make sure you use the public IP of the server for destination address.
This should point out why the traffic is getting dropped.
Regards,
Jagrati
07-06-2016 11:29 AM
This is the NAT config (by the way, this is new to me as I just received my CCNA but I've never worked with the ASAs)
object network obj-X.X.X.X
 host X.X.X.X
object network INSIDE
 host X.X.X.X
object network obj-X.X.X.X
 nat (inside,outside) static Y.Y.Y.Y service tcp #####
X.X.X.X = Internal IP of server
Y.Y.Y.Y = IP on the outside interface
07-07-2016 12:22 AM
Hi,
The NAT configuration and access-list look fine to me.
Please paste the output of the below command so we can find the issue.
#packet-tracer input outside tcp <source-IP> <source-port> <destination-IP> <destination-port> detailed
source-IP - source from which the traffic is initiated
source-port - use any random port (ex-45432)
destination-IP - Y.Y.Y.Y (the public IP for RDP)
destination-port - the port on which you initiate the traffic
Regards,
Jagrati
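The two pieces of advice in the replies above (internal IP in the access-list, public IP in packet-tracer) can be checked mechanically. The following is an added example, not part of the thread: a Python sketch that reads object NAT and access-list lines, flags a permit entry written against the mapped address or port, and builds the matching packet-tracer command. The addresses, ports and object names are constructed, and it assumes the `service tcp <real-port> <mapped-port>` form of object NAT.

```python
import re

# Constructed sample (documentation addresses, made-up ports); not the poster's config.
BAD = """\
object network obj-10.0.0.10
 host 10.0.0.10
object network obj-10.0.0.10
 nat (inside,outside) static 203.0.113.10 service tcp 3390 33890
access-list RDP extended permit tcp any host 203.0.113.10 eq 33890
access-group RDP in interface outside
"""
GOOD = BAD.replace("host 203.0.113.10 eq 33890", "host 10.0.0.10 eq 3390")

NAT_RE = re.compile(r"\s+nat \(\S+,\S+\) static (\S+) service tcp (\d+) (\d+)")
ACL_RE = re.compile(r"access-list (\S+) extended permit tcp any host (\S+) eq (\d+)")

def static_nats(config):
    """Map object name -> real/mapped address and port from object NAT lines."""
    objs, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)", line):
            cur = objs.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            cur = None                      # left the object sub-mode
        elif cur is not None and (m := re.match(r"\s+host (\S+)", line)):
            cur["real"] = m.group(1)
        elif cur is not None and (m := NAT_RE.match(line)):
            cur["mapped"], cur["real_port"], cur["mapped_port"] = m.groups()
    return {n: o for n, o in objs.items() if {"real", "mapped"} <= o.keys()}

def acl_findings(config):
    """Flag permit entries that name the mapped address or port instead of the real one."""
    out = []
    for acl, dst, port in ACL_RE.findall(config):
        for name, o in static_nats(config).items():
            if dst == o["mapped"]:
                out.append(f"{acl}: {dst} is the mapped address of {name}; use {o['real']}")
            elif dst == o["real"] and port != o["real_port"]:
                out.append(f"{acl}: port {port} is not the real port {o['real_port']}")
    return out

def packet_tracer(o, src_ip="198.51.100.7", src_port=45432):
    """The simulated packet arrives before un-NAT, so it targets the mapped address and port."""
    return (f"packet-tracer input outside tcp {src_ip} {src_port} "
            f"{o['mapped']} {o['mapped_port']} detailed")

if __name__ == "__main__":
    print(acl_findings(BAD), acl_findings(GOOD))
    print(packet_tracer(static_nats(GOOD)["obj-10.0.0.10"]))
```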