ASA 5510 + RDP issues

Hi all

A while back I had a problem with using active FTP through our ASA 5510.

Thanks to the help on this forum, the problem got solved.

Topic: https://supportforums.cisco.com/thread/2053280

Now active ftp works fine, but now we are not able to use RDP to clients/server to other subnets.

If anyone has an idea, please let me know.

Regards

Bert

13 Replies

Jennifer Halim
Cisco Employee

Can you please advise where you are trying to RDP to and from? If you can share the subnets that you are trying to RDP to and from, we can check the configuration to make sure whether it is config error or it might be something else. Thanks.

OK, it happens we try to use RD between the 192.0.0.0, 192.0.2.0, 192.0.4.0 and 192.0.6.0 subnets.

Regards, Bert

All those subnets are actually behind the ASA, and the traffic doesn't pass through the ASA at all; therefore, RDP between the subnets should work.

I would check if a personal firewall is enabled on the RDP server, as that is one of the issues that block inbound RDP access. Please turn off the firewall and test the connectivity again. Further to that, please also check if the RDP service has been enabled.

OK, let me explain: RDP always worked as desired until I changed the settings to allow active FTP as suggested in this topic: https://supportforums.cisco.com/thread/2053280

Now active FTP works, RDP doesn't.

When I configure:

class class-default
  set connection advanced-options tcp-state-bypass
  inspect ftp

RDP works, but connecting to an FTP server with active FTP fails.

The configuration of the servers, and their firewalls haven't changed.

Thanks, Bert

Looks like the default gateway for the 192.0.0.0/24 subnet might have been the ASA, and by configuring "set connection advanced-options tcp-state-bypass", RDP will work. You can configure "set connection advanced-options tcp-state-bypass" but don't configure "inspect ftp" as you have configured previously, i.e. just re-add "set connection advanced-options tcp-state-bypass" into the class class-default; however, don't worry about the "inspect ftp".

That should resolve the issue.

Hi

I configured the ASA as suggested, but active FTP still doesn't work.

If you have any more ideas, please let me know.

Thanks

Can you please add the following:

policy-map global_policy
 class inspection_default
  inspect ftp

Is the RDP working now?

Hi

RDP is working even without

policy-map global_policy
 class inspection_default
  inspect ftp

Now my previous problem of the active FTP has returned.

With the ASA 5510 as default gateway, we are unable to use active FTP.

Regards

How did the active FTP issue get resolved last time? I checked the forum thread https://supportforums.cisco.com/thread/2053280; however, I don't see any confirmation of what resolved the active FTP issue.

As KS has suggested, did removing the following resolve the issue:

I am not sure what this below section is doing in the config. I'd remove it.

class class-default
  set connection advanced-options tcp-state-bypass
  inspect ftp

policy-map global_policy
 class class-default
  no set connection advanced-options tcp-state-bypass
  no inspect ftp
 exit
 no class class-default

There is no inspection for RDP, so RDP should have worked despite any changes to the FTP configuration because they are running on different ports.

Hi

When I remove those lines, RDP from the 192.0.0.0 subnet to the 192.0.2.0, 192.0.4.0 and 192.0.6.0 subnets is not possible.

Regards, Bert

It should work just fine if you change the default gateway for hosts in the 192.0.0.0/24 subnet from 192.0.0.40 to 192.0.0.187.

And on the 192.0.0.187 router, configure its default gateway to be 192.0.0.40.

The router with the address 192.0.0.187 isn't used in our internal network; it is a router placed by one of our manufacturers to monitor some machines.

We do not control it, and do not use it, I just had to forward some ports to it.

The internal network uses the 192.0.0.40 as default gateway.

Regards

Actually, sorry, I was wrong earlier: you should change the default gateway to 192.0.0.25 instead. This will be the correct router, as all of 192.0.2.0/24, 192.0.4.0/24 and 192.0.6.0/24 are being forwarded to 192.0.0.25 as follows on the firewall:

route inside 192.0.2.0 255.255.255.0 192.0.0.25 1
route inside 192.0.4.0 255.255.255.0 192.0.0.25 1
route inside 192.0.6.0 255.255.255.0 192.0.0.25 1
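The two suggestions in this thread (the tcp-state-bypass workaround in the earlier reply, and changing the hosts' default gateway to 192.0.0.25 in the last one) both come down to the same thing: the ASA is the hosts' gateway, so it sees the client's half of each RDP session, while the replies from the other subnets come back through 192.0.0.25 directly and never cross the ASA. A stateful firewall that sees a SYN but never the SYN-ACK drops the rest of the session. The following Python model is an added example written for this thread, not ASA code, Cisco software or anything posted by the participants; the host addresses 192.0.0.50 and 192.0.2.10, the port, and the simplified connection-tracking logic are assumptions, while the gateway and router addresses come from the thread.

```python
from dataclasses import dataclass, field

# Addresses taken from the thread; hosts and port are constructed for the example.
ASA_INSIDE = "192.0.0.40"    # ASA inside interface, the hosts' current default gateway
INNER_ROUTER = "192.0.0.25"  # next hop the ASA uses for 192.0.2.0/24, .4.0/24 and .6.0/24
CLIENT = "192.0.0.50"        # constructed RDP client on 192.0.0.0/24
SERVER = "192.0.2.10"        # constructed RDP server on 192.0.2.0/24
RDP_PORT = 3389


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK", "ACK" or "PSH-ACK"


@dataclass
class StatefulFirewall:
    """Minimal model of TCP connection tracking (an assumption, not the ASA's real code)."""
    tcp_state_bypass: bool = False
    conns: dict = field(default_factory=dict)   # flow key -> (state, initiator)
    log: list = field(default_factory=list)

    @staticmethod
    def flow_key(pkt):
        # Both directions of a flow map to the same key.
        return (min(pkt.src, pkt.dst), max(pkt.src, pkt.dst), pkt.dport)

    def forward(self, pkt):
        """Return True if the packet is passed, False if it is dropped."""
        if self.tcp_state_bypass:
            # Bypass: no handshake tracking at all, every segment is passed.
            self.log.append(("PASS", "tcp-state-bypass", pkt))
            return True
        key = self.flow_key(pkt)
        state, initiator = self.conns.get(key, (None, None))
        if state is None and pkt.flags == "SYN":
            self.conns[key] = ("SYN_SENT", pkt.src)
        elif state == "SYN_SENT" and pkt.flags == "SYN-ACK" and pkt.src != initiator:
            self.conns[key] = ("SYN_RCVD", initiator)
        elif state == "SYN_RCVD" and pkt.flags == "ACK" and pkt.src == initiator:
            self.conns[key] = ("ESTABLISHED", initiator)
        elif state == "ESTABLISHED":
            pass
        else:
            # Segment that does not fit the tracked handshake: dropped.
            self.log.append(("DROP", f"out of state (state={state})", pkt))
            return False
        self.log.append(("PASS", self.conns[key][0], pkt))
        return True


# One constructed RDP session: three-way handshake, then the first data segment.
RDP_SESSION = [
    Packet(CLIENT, SERVER, RDP_PORT, "SYN"),
    Packet(SERVER, CLIENT, RDP_PORT, "SYN-ACK"),
    Packet(CLIENT, SERVER, RDP_PORT, "ACK"),
    Packet(CLIENT, SERVER, RDP_PORT, "PSH-ACK"),
]


def crosses_asa(pkt, client_gateway):
    """Which packets the ASA sees in the thread's topology (assumed, see lead-in)."""
    if pkt.src == CLIENT:
        # The client sends to its default gateway; only the ASA forwards on to 192.0.0.25.
        return client_gateway == ASA_INSIDE
    # 192.0.0.25 has a direct route back into 192.0.0.0/24: replies never cross the ASA.
    return False


def run_rdp_session(client_gateway, tcp_state_bypass=False):
    """Return the packets the ASA drops for one RDP session from CLIENT to SERVER."""
    fw = StatefulFirewall(tcp_state_bypass=tcp_state_bypass)
    return [p for p in RDP_SESSION
            if crosses_asa(p, client_gateway) and not fw.forward(p)]


def run_symmetric_session():
    """The same session when every packet crosses the firewall: nothing is dropped."""
    fw = StatefulFirewall()
    return [p for p in RDP_SESSION if not fw.forward(p)]


def stray_data_passes(tcp_state_bypass):
    """What bypass gives up: a data segment with no prior handshake is passed (ACLs aside)."""
    fw = StatefulFirewall(tcp_state_bypass=tcp_state_bypass)
    return fw.forward(Packet("203.0.113.9", SERVER, RDP_PORT, "PSH-ACK"))


if __name__ == "__main__":
    print("gateway = ASA, no bypass :", [p.flags for p in run_rdp_session(ASA_INSIDE)])
    print("gateway = ASA, bypass    :", run_rdp_session(ASA_INSIDE, tcp_state_bypass=True))
    print("gateway = 192.0.0.25     :", run_rdp_session(INNER_ROUTER))
    print("stray data with bypass   :", stray_data_passes(True))
```

With the ASA as gateway and no bypass, the client's ACK and first data segment are dropped because the ASA never saw the SYN-ACK, which is the symptom Bert describes. Bypass makes the session work, but only because the firewall stops checking the handshake for everything matched by that class (here class-default, i.e. all traffic), so a segment with no prior handshake is passed too. Pointing the hosts at 192.0.0.25, as the last reply suggests, keeps the ASA out of the intra-site path entirely, so no state check is lost.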
