Hello, I have the following config on an ASA 5520 Version 9.1(7)4

object network outside-in-192-168-3-106
host 192.168.3.106

object network outside-in-192-168-3-106
nat (inside2,outside) static a.b.c.d service tcp 3389 59106

access-list outside_in extended permit tcp any eq 59106 host 192.168.3.106 eq 3389

I want an external user to be able to RDP to a.b.c.d port 59106 and this traffic to arrive at 192.168.3.106 port 3389

I can only get it to work if I add the access list:

access-list outside_in extended permit ip any host 192.168.3.106

What am I doing wrong?

Many thanks, Simon