Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8633
Views
5
Helpful
16
Replies

Port Forwarding for ASA Using ASDM

Go to solution
chuckbalogh
Level 1
Level 1

‎01-11-2017 12:49 PM - edited ‎03-12-2019 01:45 AM

Hello.  I am a Cisco enterprise equipment newbie so I have  a newbie  question.  I am trying to setup 2 RDP port  forwards  through the ASA 5505.  I can currently RDP through the ASA with the default listening port, 3389. However, my attempts are  configuring RDP with other ports has not  panned out  at  all.  I inherited this setup so I did not originally configure the ASA. 

I am using the ASDM interface and would like to continue to do so if  possible.  The ASA is v8.2 and  the ASDM is  v6.3. 

The ASA is configured  for  1  Outside port  (10.10.30.85 - DHCP) and 3 Inside ports (10.10.30.254).  One inside port  is  connected  to a Dell PowerConnect switch which supplies a server and  4 workstations.  The  Outside  ASA port  is  connected  to an  ATT Pace  4111N-031 modem/router. 

With other  equipment, I have just configured  a port  forward and it was pretty straightforward.  I have  seen much about  using a NAT rule.  Do I/Should  ICan I/ use a NAT Rule? 

I have attached screen  shots for the NAT and Access Rules.

Thank you in advance for  your assistance

Labels:
Preview file
103 KB
Preview file
93 KB
0 Helpful
16 Replies 16

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to chuckbalogh

‎01-30-2017 05:23 AM

Hi

Did you changed the RDP listening port in Windows? 

You can use whatever port you want but you need to change it into Windows machine:

https://support.microsoft.com/en-us/help/306759/how-to-change-the-listening-port-for-remote-desktop

On ASA, for sure, you'll be allowed to as much as nat as you want on the same IP if the port is different.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to chuckbalogh

‎01-30-2017 06:02 AM

There are three ways to NAT the outside port of 3389 to the inside.

  1. You can assign a dedicated public IP to the first server and NAT 3389 -> 3389 or NAT all ports for that matter.
  2. change the outside port (to as you have 3398) and map that to port 3389 on the inside towards the second server
  3. Or, as mentioned by Francesco, you can have the server listen for a different (user-defined) RDP port.  Although you can do this it just complicates things in my opinion.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card