Hello!
We have a Cisco ASA 5525 in Failover mode (Active/Passive) (SW 9.2.2.4), 4 RDP servers based on Windows Server 2012 R2 (Serv_Net, security level 50), PCs connected to the ASA (PC_Net, security level 50), and an uplink to the corporate networks (CORP_NET, security level 0).
When we connect via RDP from the PCs connected to the ASA to the servers, everything is OK. If we connect to the servers from the corporate network, the log contains:
%ASA-6-302014: Teardown TCP connection 192428168 for CORP_NET:ip_pc_from_corp_net/52069 to SERV_NET:rdp_server_ip/3389 duration 0:00:21 bytes 0 TCP Reset-I
%ASA-4-313005: No matching connection for ICMP error message: icmp src CORP_NET:dst SERV_NET:rdp_server_ip (type 3 | code 13) on CORP_NET interface. Original IP payload: tcp src rdp_server_ip/3389 dst ip_pc_from_corp_net/52069.
Packet-tracer shows that everything is OK and packets from the PC to the server are allowed.
The ICMP protocol is allowed on all interfaces.
On the Windows server, "netstat -o" shows SYN_RECEIVED and the connection isn't established.
P.S. I know that ICMP type 3 code 13 says that the problem is on the RDP server, but the firewall on the server is turned off.
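Added example (not from the original post or from Cisco): a small Python correlator that matches the embedded "Original IP payload" of a 313005 ICMP-error message against 302014 teardowns, so a zero-byte reset for the same flow as an administratively-prohibited ICMP can be picked out of a syslog feed. The log lines and addresses are constructed placeholders.

```python
import re

# Constructed sample ASA syslog lines (not from the original post); addresses are
# placeholders: 10.10.10.25 = corporate PC, 10.10.10.1 = a corporate router,
# 192.0.2.10 = RDP server, 172.16.5.7 = a PC behind the ASA.
SAMPLE_LOG = """\
%ASA-4-313005: No matching connection for ICMP error message: icmp src CORP_NET:10.10.10.1 dst SERV_NET:192.0.2.10 (type 3, code 13) on CORP_NET interface.  Original IP payload: tcp src 192.0.2.10/3389 dst 10.10.10.25/52069.
%ASA-6-302014: Teardown TCP connection 192428168 for CORP_NET:10.10.10.25/52069 to SERV_NET:192.0.2.10/3389 duration 0:00:21 bytes 0 TCP Reset-I
%ASA-6-302014: Teardown TCP connection 192428170 for PC_NET:172.16.5.7/50123 to SERV_NET:192.0.2.10/3389 duration 0:12:44 bytes 84211 TCP FINs
"""

TEARDOWN_RE = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) duration (?P<dur>\S+) "
    r"bytes (?P<bytes>\d+) (?P<reason>.+)$")
# Accepts both the documented "(type 3, code 13)" and the "(type 3 | code 13)" seen in the post.
ICMP_ERR_RE = re.compile(
    r"%ASA-4-313005: .*\(type (?P<type>\d+) ?[,|] code (?P<code>\d+)\) on "
    r"(?P<iface>\w+) interface\.\s+Original IP payload: tcp "
    r"src (?P<isrc>[\d.]+)/(?P<isport>\d+) dst (?P<idst>[\d.]+)/(?P<idport>\d+)")

def correlate(log_text):
    """Return teardowns that look like a session killed after an ICMP unreachable.

    The ICMP error quotes the *reply* packet (server -> client), so its inner
    src/dst are reversed to the client -> server direction before being matched
    against the teardown 4-tuple.
    """
    icmp_by_flow = {}
    for line in log_text.splitlines():
        m = ICMP_ERR_RE.search(line)
        if m:
            flow = (m["idst"], m["idport"], m["isrc"], m["isport"])  # client side first
            icmp_by_flow[flow] = (int(m["type"]), int(m["code"]), m["iface"])
    findings = []
    for line in log_text.splitlines():
        m = TEARDOWN_RE.search(line)
        if not m:
            continue
        flow = (m["src"], m["sport"], m["dst"], m["dport"])
        # Zero bytes before the reset means the handshake never completed.
        if m["reason"] == "TCP Reset-I" and m["bytes"] == "0" and flow in icmp_by_flow:
            t, c, iface = icmp_by_flow[flow]
            findings.append({"conn": m["conn"], "client": f'{m["src"]}/{m["sport"]}',
                             "server": f'{m["dst"]}/{m["dport"]}', "icmp": (t, c),
                             "seen_on": iface})
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f)
```

The "seen_on" field records which ASA interface received the ICMP error, which tells you on which side of the firewall the device that generated the type 3 / code 13 sits.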