
ASA5510 and RDP

jm.virtual01
Level 1

I have an issue regarding RDP. My server is behind an ASA. From my network I can ping the server but am not able to create an RDP session. I can't RDP to this specific server but am able to RDP to the other server on the same DMZ network. I have checked that the packet is not blocked by the ASA. The packet tracer from ASA ASDM shows me the connection is perfectly established.

What should be the issue?

There are two servers on the network 12.12.1.0/24.

The first one is 12.12.1.10; on this server I can ping and I can also RDP from my computer.

The second one is 12.12.1.15; on this server I can ping but can't RDP from my computer.

 

It's for the internal network. Packets will not go to the outside network.


Hello,

Is RDP enabled on the server?

 


Thanks for your reply.

 

But I have already done this step and am still not able to RDP.

Well, if RDP is enabled on the server we can eliminate this step.

Next question: What about the server's routes? How many interfaces does the server have? Does it know how to reply to your machine?

You can put the output here:

route print

ipconfig /all

 

Here is my output for route print.

 

I am trying to RDP from the 10.33.6.0/24 network

but I can RDP from the 192.168.0.0/18 network

===========================================================================
Interface List
13...00 50 56 8b 12 de ......vmxnet3 Ethernet Adapter
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.1.1 10.10.1.24 261
10.10.1.0 255.255.255.0 On-link 10.10.1.24 261
10.10.1.24 255.255.255.255 On-link 10.10.1.24 261
10.10.1.255 255.255.255.255 On-link 10.10.1.24 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.0.0 10.10.1.2 10.10.1.24 6
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.10.1.24 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.10.1.24 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.0.0 255.255.0.0 10.10.1.2 1
0.0.0.0 0.0.0.0 10.10.1.1 Default
0.0.0.0 0.0.0.0 10.10.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 261 fe80::/64 On-link
13 261 fe80::55f5:e584:1b84:4170/128
On-link
1 306 ff00::/8 On-link
13 261 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Alright,

 

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.1.1 10.10.1.24 261
10.10.1.0 255.255.255.0 On-link 10.10.1.24 261
10.10.1.24 255.255.255.255 On-link 10.10.1.24 261
10.10.1.255 255.255.255.255 On-link 10.10.1.24 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.0.0 10.10.1.2 10.10.1.24 6
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.10.1.24 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.10.1.24 261

 

We can see that you have a static route to 192.168.0.0 but you don't have one for 10.33.6.0. This way, you are using the default route 0.0.0.0 0.0.0.0 10.10.1.1 10.10.1.24 261.

If you are not the network guy, you may need help to address it. It may be necessary to add a new route on the target server.

Should that route be added on the server or on the ASA? Can you suggest how I can add a route on the server?

On the ASA I know how, but not on the server side.

It is easier on both. On the server you just need to use the following command as administrator:

 

Example (don't use this address):

route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1
          ^destination   ^mask     ^gateway

 

What I'd like to highlight is that it is important to understand what is necessary.

I mean, as per our verification, it looks like the server has no idea how to reply to the RDP request. So it is sending the reply to the default gateway through the default route. It looks like this is not the proper path, and so your connection fails.

Without knowing your environment it is difficult to advise you where to add a route or not.

 

 

One thing I forgot to mention: I can ping and RDP to the 10.10.1.10 server from my network 10.33.6.0/24.

I think you could add a route like this on the server:

 

10.33.6.X  255.255.255.0 10.10.1.2 10.10.1.24

Replace X with your IP address.

I think this can work.

 

I have a question: I don't have any route from the 10.33.6.0/24 network, but I can RDP to 10.10.1.10, which is on the same network as 10.10.1.24?

That's correct. Same network. Does the server you are trying to RDP to have an IP address on this network as well?

With ipconfig /all you can confirm that. Maybe you are just using the wrong IP address.
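
The route analysis discussed in the thread, as an added example that is not part of any participant's post: it applies longest-prefix matching (lowest metric on ties) to the active routes from the posted route print output to show which gateway the server uses for replies. The client addresses 10.33.6.50 and 192.168.10.5 are constructed, and the extra 10.33.6.0/24 route is the one suggested in a reply, modelled here only to show its effect.

```python
import ipaddress

# Active IPv4 routes copied from the route print output posted in the thread
# (loopback, multicast and broadcast entries omitted).
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 10.10.1.1 10.10.1.24 261
10.10.1.0 255.255.255.0 On-link 10.10.1.24 261
10.10.1.24 255.255.255.255 On-link 10.10.1.24 261
192.168.0.0 255.255.0.0 10.10.1.2 10.10.1.24 6
"""

def parse_routes(text):
    """Turn 'dest mask gateway interface metric' lines into route tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers, separators and wrapped lines
        dest, mask, gateway, iface, metric = parts
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, gateway, iface, int(metric)))
    return routes

def next_hop(routes, destination):
    """Pick the most specific matching route; lowest metric breaks ties."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[1]

def reply_paths(routes, clients):
    """Map each client address to the gateway the server would reply through."""
    return {client: next_hop(routes, client) for client in clients}

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    clients = ["10.33.6.50", "192.168.10.5", "10.10.1.10"]  # constructed hosts
    print("current table:   ", reply_paths(table, clients))
    # Route suggested in a reply (10.33.6.0/24 via 10.10.1.2), modelled only.
    table.append((ipaddress.ip_network("10.33.6.0/24"), "10.10.1.2", "10.10.1.24", 1))
    print("with extra route:", reply_paths(table, clients))
```

If replies leave through a different gateway than the one the request arrived on, a stateful firewall on the path may see only one direction of the TCP session, while ICMP echo can still succeed.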
