08-20-2015 04:39 PM - edited 03-11-2019 11:28 PM
Hi there
I'm using a Cisco ASA 5506-X device with ASDM version 7.4.
I'm trying to allow users to RDP into my computers on a network. I've created a NAT network object with the IP address of the device and the port I want it to allow RDP into from the outside interface (in this case 3390). However, it will not allow me to RDP into it using the outside interface and the port. I've already tested RDPing into the device from inside the LAN and it works just fine.
Right now I'm guessing I have another function that is preventing RDP. How do I figure out what it is? Should I post my running configuration?
08-20-2015 10:04 PM
Can you please post your running config? Do you have an access rule configured for the outside interface to allow the traffic? How many devices do you need to be accessible from outside via RDP?
08-21-2015 10:05 AM
I've posted my running configuration above. At the moment I need several machines to allow for RDP from outside my office's network. At least 10-20.
08-21-2015 02:07 AM
Have you allowed access in the ACL on the outside (or internet facing) interface for port 3390 to the internal IP of the server?
Would help to see the running config of the ASA.
--
Please remember to select a correct answer and rate helpful posts
08-21-2015 10:04 AM
08-21-2015 02:26 PM
Is the server listening on port 3390, or are your clients sending to port 3390? The port definition is real port, then mapped port.
object network rdptest
 nat (inside,outside) static interface service tcp 3389 3390
Also remember that the un-NAT happens before the ACL check, so your ACL would be wrong. I see that you have permit IP any any on the outside interface, but I am guessing you want to remove that at some point.
--
Please remember to select a correct answer and rate helpful posts
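An added example, not part of the thread and not the poster's configuration: the static PAT above next to an outside ACL written against the real (post-un-NAT) address and port, in place of a blanket permit. The inside host addresses, the second object `rdptest2`, the permitted source range, the outside address in the packet-tracer line and the ACL name `outside_access_in` are constructed for illustration.

```cisco
! Constructed values: 10.0.0.10 and 10.0.0.11 (inside hosts),
! 203.0.113.0/24 (permitted remote source), 198.51.100.1 (outside address).
!
! Static PAT: real port (3389) first, mapped port second.
object network rdptest
 host 10.0.0.10
 nat (inside,outside) static interface service tcp 3389 3390
!
! A second host (constructed) needs its own mapped port on the same interface.
object network rdptest2
 host 10.0.0.11
 nat (inside,outside) static interface service tcp 3389 3391
!
! Weak form described in the thread (shown commented out):
! access-list outside_access_in extended permit ip any any
!
! Tighter form: un-NAT happens before the ACL check, so the entry matches
! the real host and the real port 3389, not the outside address or 3390.
access-list outside_access_in extended permit tcp 203.0.113.0 255.255.255.0 object rdptest eq 3389
access-list outside_access_in extended permit tcp 203.0.113.0 255.255.255.0 object rdptest2 eq 3389
access-group outside_access_in in interface outside
!
! Check from exec mode which NAT rule and ACL entry a test packet matches:
! packet-tracer input outside tcp 203.0.113.10 50000 198.51.100.1 3390
```

An ACL entry that permits port 3390 toward the outside address would not match this traffic, because the destination has already been rewritten to the inside host and port 3389 by the time the ACL is checked.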
08-21-2015 04:09 PM
The port the clients are sending is 3390. The port the server is listening to is 3389.
How do I fix my ACL?
08-23-2015 02:26 AM
Which NAT rule does the packet tracer indicate is being matched?
I would suggest placing the NAT rule in the manual NAT section instead of object NAT to make sure it is matched first.
--
Please remember to select a correct answer and rate helpful posts