Device doesn't allow me to port forward

gsimon
Level 1

Hi there

I'm using a Cisco ASA 5506-X device with the ASDM version 7.4.

I'm trying to allow for users to RDP into my computers on a network. I've created a NAT Network object with the IP address of the device, and the port I want it to allow RDP into from the outside interface (in this case 3390). However, it will not allow me to RDP into it using the outside interface and the port. I've already tested RDPing into the device from inside the LAN and it works just fine.

Right now I'm guessing I have another function that is preventing RDP. How do I figure out what it is? Should I post my running configuration?

7 Replies

Andre Neethling
Level 4

Can you please post your running config? Do you have an access rule configured for the outside interface to allow the traffic? How many devices do you need to be accessible from outside via RDP?

I've posted my running configuration above. At the moment I need several machines to allow for RDP from outside my office's network. At least 10-20.

Have you allowed access in the ACL on the outside (or internet facing) interface for port 3390 to the internal IP of the server?

Would help to see the running config of the ASA.

--

Please remember to select a correct answer and rate helpful posts


I have configured my ACL to allow RDP in through the outside interface.

Here is my running config, with certain things labelled as redacted, such as my PPPoE username and domain name.

Is the server listening to port 3390 or are your clients sending to port 3390? The port definition is real port, mapped port.

object network rdptest
 nat (inside,outside) static interface service tcp 3389 3390

Also remember that the un-NAT happens before the ACL check, so your ACL would be wrong. I see that you have permit IP any any on the outside interface but I am guessing you want to remove that at some point.

--

Please remember to select a correct answer and rate helpful posts
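
The reply above makes two points: the un-NAT happens before the ACL check, so an outside ACL entry written against the mapped port 3390 is wrong, and the permit IP any any should go. As an added example that is not part of the original thread, this Python check flags both in a constructed config; the host address, the ACL name `outside_in` and the function names are assumptions, and only the `rdptest` object and its `nat` line come from the thread.

```python
import re

# Constructed sample: the host address and ACL name are assumptions; only the
# object name and its nat line come from the thread.
SAMPLE_CONFIG = """\
object network rdptest
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 3389 3390
access-list outside_in extended permit ip any any
access-list outside_in extended permit tcp any any eq 3390
access-list outside_in extended permit tcp any object rdptest eq 3389
access-group outside_in in interface outside
"""

NAT_RE = re.compile(r"^\s+nat \(\S+,\S+\) static \S+ service (tcp|udp) (\d+) (\d+)")
ACL_RE = re.compile(r"^access-list (\S+) extended permit (\S+) (.+)$")


def parse_static_pat(config):
    """Return {object_name: (proto, real_port, mapped_port)} for object NAT."""
    rules, current = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
        elif not line.startswith(" "):
            current = None  # left the object's sub-mode
        elif current and (m := NAT_RE.match(line)):
            rules[current] = (m.group(1), int(m.group(2)), int(m.group(3)))
    return rules


def audit_acl(config):
    """Return (line_number, finding) pairs for permit entries worth reviewing."""
    pat = parse_static_pat(config)
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        m = ACL_RE.match(line)
        if not m:
            continue
        proto, rest = m.group(2), m.group(3).split()
        if proto == "ip" and rest == ["any", "any"]:
            findings.append((n, "permit-any"))
        if len(rest) >= 2 and rest[-2] == "eq" and rest[-1].isdigit():
            port = int(rest[-1])
            for name, (p, real, mapped) in pat.items():
                # The ACL sees the packet after un-NAT, so it must name the real port.
                if proto == p and port == mapped and mapped != real:
                    findings.append((n, f"mapped-port:{name}:use {real}"))
    return findings
```

On the sample, `audit_acl(SAMPLE_CONFIG)` reports line 4 (permit ip any any) and line 5 (matches mapped port 3390 instead of real port 3389); the line 6 entry against `object rdptest eq 3389` passes.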

 


The port the clients are sending is 3390. The port the server is listening to is 3389.

 

How do I fix my ACL?

Which NAT rule does the packet tracer indicate is being matched?

I would suggest placing the NAT rule in the manual NAT section instead of object NAT to make sure it is matched first.

--

Please remember to select a correct answer and rate helpful posts
