10-12-2017 05:56 AM - edited 02-21-2020 06:28 AM
Hello, I have the following config on an ASA 5520 Version 9.1(7)4
object network outside-in-192-168-3-106
 host 192.168.3.106
object network outside-in-192-168-3-106
 nat (inside2,outside) static a.b.c.d service tcp 3389 59106
access-list outside_in extended permit tcp any eq 59106 host 192.168.3.106 eq 3389
I want an external user to be able to RDP to a.b.c.d port 59106 and have this traffic arrive at 192.168.3.106 port 3389.
I can only get it to work if I add the access list:
access-list outside_in extended permit ip any host 192.168.3.106
What am I doing wrong?
Many thanks, Simon
10-12-2017 07:57 AM - edited 10-12-2017 08:05 AM
Hi,
You need to allow access for the NATted object, and it will work. Hence the mapped port is not required.
access-list outside_in extended permit tcp any object outside-in-192-168-3-106 eq 3389
Regards,
Kias
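The following is an added example, not part of the thread or Cisco's code: a simplified Python model of how an ASA 8.3+ checks an inbound packet (static NAT is undone first, then the interface ACL is matched against the real address and port), run over the three ACEs quoted above. Assumptions: 203.0.113.10 stands in for the redacted a.b.c.d, the client source port is constructed, and all function names are hypothetical.

```python
# Added illustration: simplified model, not ASA code.
import re

MAPPED_IP = "203.0.113.10"  # constructed stand-in for the redacted a.b.c.d
STATIC_NAT = {(MAPPED_IP, 59106): ("192.168.3.106", 3389)}  # mapped -> real
OBJECTS = {"outside-in-192-168-3-106": "192.168.3.106"}     # from the config

ACE_RE = re.compile(
    r"access-list \S+ extended permit (?P<proto>tcp|ip) any"
    r"(?: eq (?P<sport>\d+))?"                       # optional SOURCE port
    r" (?:host (?P<host>\S+)|object (?P<obj>\S+))"   # destination
    r"(?: eq (?P<dport>\d+))?$")                     # optional DEST port

def parse_ace(line):
    """Parse only the 'permit <proto> any [eq p] <dst> [eq p]' forms above."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError("unsupported ACE form: " + line)
    dst = m["host"] or OBJECTS[m["obj"]]
    sport = int(m["sport"]) if m["sport"] else None
    dport = int(m["dport"]) if m["dport"] else None
    return m["proto"], sport, dst, dport

def untranslate(dst_ip, dst_port):
    """Rewrite a mapped destination to the real one (static PAT rule)."""
    return STATIC_NAT.get((dst_ip, dst_port), (dst_ip, dst_port))

def permitted(ace_line, src_port, dst_ip, dst_port):
    """True if a TCP packet arriving on 'outside' matches the permit ACE."""
    _proto, sport, dst, dport = parse_ace(ace_line)
    real_ip, real_port = untranslate(dst_ip, dst_port)
    return (real_ip == dst
            and (sport is None or sport == src_port)    # None = any port
            and (dport is None or dport == real_port))

ORIGINAL = ("access-list outside_in extended permit tcp any eq 59106 "
            "host 192.168.3.106 eq 3389")
BROAD = "access-list outside_in extended permit ip any host 192.168.3.106"
FIXED = ("access-list outside_in extended permit tcp any "
         "object outside-in-192-168-3-106 eq 3389")

def rdp_probe(ace_line, client_port=50211):  # constructed ephemeral port
    """RDP client connecting to the mapped address and port 59106."""
    return permitted(ace_line, client_port, MAPPED_IP, 59106)

if __name__ == "__main__":
    for name, ace in (("original", ORIGINAL), ("broad", BROAD), ("fixed", FIXED)):
        print(name, "permit" if rdp_probe(ace) else "no match")
```

In this model the original ACE fails because `eq 59106` placed after `any` is a source-port condition, while the `permit ip any host` line matches only because it has no port conditions at all, so it allows more than the RDP rule needs and can be removed once the fixed ACE is in place.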
10-12-2017 10:09 AM
Thanks Kias. It works!