
Need help configuring RDP on asa841-k8.bin

Aaron King
Level 1

Need some assistance with configuring RDP to an internal host from outside.

With the new OS I am unable to configure RDP; I am having issues because the NAT commands are different.

Thanks.

ASA Version 8.4(1)
!
hostname RTDALTON01
names
!
interface Vlan1
 description LAN VLAN
 nameif inside
 security-level 100
 ip address 172.20.1.30 255.255.255.0
!
interface Vlan2
 description WAN VLAN
 nameif outside
 security-level 0
 ip address 205.144.212.129 255.255.255.0
!
interface Ethernet0/0
 description sw
!
interface Ethernet0/1
 description CABLE INTERNET WINDSTREAM
 switchport access vlan 2
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
banner motd $
banner motd UNAUTHORIZED ACCESS PROHIBITED
banner motd ******************************************************
banner motd Access to this system and associated network, computer
banner motd resource, or data is restricted to those authorized by
banner motd the company. This system and related networks, resources
banner motd or data may only be used for business purposes of the
banner motd company and its customers.Use by unauthorized individuals
banner motd or for an unauthorized purpose is a violation of Federal
banner motd and/or State law. Violators will be prosecuted.
banner motd *************************************************************************
boot system disk0:/asa841-k8.bin
ftp mode passive
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network RDP_static
 host 172.20.1.1
access-list remote_access extended permit tcp any interface outside eq 3389
access-list remote_access extended permit gre any host 205.144.212.15
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static RDP_static interface
nat (inside,outside) source static RDP_static interface destination static obj_any any
!
object network obj_any
 nat (inside,outside) dynamic interface
access-group remote_access in interface outside
route outside 0.0.0.0 0.0.0.0 205.144.212.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 172.20.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 172.20.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect pptp
!
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:74e822be2c77334d430a8f99f14b0a4e
: end
RTDALTON01(config)#


varrao
Level 10

Hi Aaron,

If you use the above NATting, you would lose all management access on the outside interface; you would need to do port forwarding. Kindly remove the NAT statements that you have and use this:

object service rdp_login
 service tcp destination eq 3389
nat (outside,inside) source static any any destination static interface RDP_static service rdp_login rdp_login

and the access-list is also wrong, it should be:

access-list remote_access extended permit tcp any host 172.20.1.1 eq 3389

and it would work smoothly for you.

Hope this helps.

Thanks,

Varun

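As an added check that is not part of the thread, the Python script below lints a constructed excerpt of the posted config for the two problems varrao points out: a static NAT with no service object, which takes over every port of the outside interface address (and so shadows the SSH/ASDM management access permitted on that interface), and an ACL written against the translated `interface outside` address instead of the real host, as ASA 8.3+ requires. It then confirms the reply's corrected lines pass clean. The names `POSTED`, `FIXED` and `lint` are my own.

```python
import re

# Constructed excerpt of the config posted above (not a live device).
POSTED = """\
object network RDP_static
 host 172.20.1.1
access-list remote_access extended permit tcp any interface outside eq 3389
nat (inside,outside) source static RDP_static interface
ssh 0.0.0.0 0.0.0.0 outside
"""

# Constructed excerpt applying the reply's port-forwarding fix.
FIXED = """\
object network RDP_static
 host 172.20.1.1
object service rdp_login
 service tcp destination eq 3389
nat (outside,inside) source static any any destination static interface RDP_static service rdp_login rdp_login
access-list remote_access extended permit tcp any host 172.20.1.1 eq 3389
ssh 0.0.0.0 0.0.0.0 outside
"""

# Twice-NAT mapping a real host onto the interface address; group 4 holds any trailing clause.
NAT_RE = re.compile(r"^nat \((\w+),(\w+)\) source static (\S+) interface(.*)$")
# Pre-8.3 style ACE written against the translated (interface) address.
ACL_RE = re.compile(r"^access-list \S+ extended permit \S+ \S+ interface (\w+) eq \S+$")
# Management-plane access (ssh/http/telnet) permitted on an interface.
MGMT_RE = re.compile(r"^(ssh|http|telnet) \S+ \S+ (\w+)$")


def lint(config):
    """Return findings for the two NAT/ACL mistakes discussed in the thread."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    mgmt_ifaces = {m.group(2) for l in lines if (m := MGMT_RE.match(l))}
    findings = []
    for line in lines:
        m = NAT_RE.match(line)
        if m and "service" not in m.group(4):
            # Without a service object every port on the interface IP is redirected.
            msg = f"NAT maps the whole {m.group(2)} interface address to {m.group(3)}"
            if m.group(2) in mgmt_ifaces:
                msg += f"; ssh/http management on {m.group(2)} would be shadowed"
            findings.append(msg + "; restrict it with a service object")
        m = ACL_RE.match(line)
        if m:
            findings.append(f"ACL matches 'interface {m.group(1)}' (translated address); "
                            "ASA 8.3+ ACLs must reference the real host IP")
    return findings
```

Running `lint(POSTED)` reports both issues while `lint(FIXED)` returns no findings; the regexes only cover the command forms seen in this thread, so extend them before using the script on other configs.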