11-16-2020 01:49 AM
Hi there,
I have configured port forwarding in Cisco ASA, but it's not working properly. I am not able to ping the IP of the outside interface either.
I have created an access rule with interface "outside", source set to any, and the destination IP is the machine IP which I want to access remotely. In service I have added a new service with destination port 3389 and source port default (1-65535). Then I have created a NAT rule with source interface "Inside" and the source address of my local machine I want to access remotely; the destination interface is "outside", and destination address & service are set to "any". In the action part, source NAT type is static, source address is outside, destination address is --original--, and in service I have added a new service in which destination port is default (1-65535) and source port is 3389.
When I try to access the concerned IP remotely, I am not able to do that through my outside interface IP; I am not even able to ping the outside interface IP.
Can anyone help me please....
11-16-2020 02:26 AM
Could you post the configuration you have for NAT and access-list? Remember to change/remove any public IPs.
You can also run a packet tracer to simulate the packet through the ASA which should indicate where it is being dropped, if it is being dropped.
packet-tracer input outside tcp host 8.8.8.8 12345 host <server public IP> 3389 detail
11-16-2020 02:33 AM
@Marius Gunnerud thanks, the issue is resolved. I was testing it on the same network; I unplugged my laptop from the network and connected it to another Wi-Fi connection, and then I was able to access it remotely and also able to ping the outside interface IP as well.
Issue is resolved. Thanks.
But as another concern, I just want to know why I am not able to ping the outside interface IP while I am behind the firewall. I mean, the client is connected to the firewall and using internet services through it, and everything is working fine, but whenever any client tries to ping the IP of the outside interface they are not able to do that; a ping timeout comes in response.
11-16-2020 02:57 AM
If you are pinging from the inside network to the outside interface, this is dropped by design. Pinging across the firewall is not permitted. Ping is only permitted on the ingress interface (if configuration allows it).
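The access rule and static NAT described in the first post, written as ASA CLI in the 8.3-and-later object NAT syntax. This is an added example, not configuration posted in the thread; the object name RDP-HOST, the ACL name OUTSIDE_IN and the addresses 192.168.1.10 and 198.51.100.0/24 are constructed placeholders.

```cisco
! Real (inside) address of the machine to be reached over RDP (constructed value)
object network RDP-HOST
 host 192.168.1.10
 ! Static PAT: TCP 3389 on the outside interface address maps to
 ! TCP 3389 on the inside host (real port first, mapped port second)
 nat (inside,outside) static interface service tcp 3389 3389
!
! From 8.3 onward the outside ACL matches the REAL address of the host,
! which is why the access rule's destination is the machine IP and not
! the outside interface IP. Source "any" is what the first post describes.
access-list OUTSIDE_IN extended permit tcp any object RDP-HOST eq 3389
!
! Narrower alternative: permit only a known source range instead of "any"
! (198.51.100.0/24 is a constructed documentation range)
! access-list OUTSIDE_IN extended permit tcp 198.51.100.0 255.255.255.0 object RDP-HOST eq 3389
!
access-group OUTSIDE_IN in interface outside
!
! Verification with the packet-tracer command from the reply above.
! The simulated packet enters on the outside interface and targets the
! public (mapped) address, so it exercises both the un-NAT step and the ACL:
! packet-tracer input outside tcp host 8.8.8.8 12345 host <server public IP> 3389 detail
```

A test from a host on the inside network toward the outside interface IP does not follow this path, which matches what the original poster saw before testing from another network.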