12-17-2012 09:29 AM - edited 03-11-2019 05:38 PM
Hi, I need help with doing a port forward for remote desktop with ASA 5505 9.1.1 and ASDM 7.1.1. I could have done this with the previous versions of ASDM, but now it is even more confusing.
05-24-2013 05:03 AM
Hi,
The format for configuring Static PAT is pretty simple.
You configure an "object network", for example:
object network SERVER-RDP
 host x.x.x.x
 nat (lan,wan) static interface service tcp 3389 3389
The above "lan" and "wan" are interface names. If your interfaces are named differently, like they seem to be looking at the log message, then you naturally use those.
The x.x.x.x means the local IP address configured on the actual host on your LAN network. It's not the public IP address.
- Jouni
05-24-2013 05:11 AM
I still did.
But when connecting to the external IP address, there is an error in the logs:
Teardown TCP connection 6306058 for disbacak:83.220.236.74/29128 to icbacak:10.2.150.5/3389 duration 0:00:30 bytes 0 SYN Timeout
What had I done?
05-24-2013 05:13 AM
Hi,
Seems to me that there is already some translation for the local IP address 10.2.150.5, and the connection that is taken through the firewall is allowed.
The actual target machine doesn't respond to the connection attempt.
This doesn't seem to be a problem with the firewall. It seems to be a problem with the PC you are trying to connect to.
- Jouni
05-24-2013 05:18 AM
If connected to the LAN by 10.2.150.5 RDP, the connection is established.
When you connect to the external IP, there is an error.
05-24-2013 05:22 AM
Hi,
It's impossible for me to tell you the reason with this information.
I would suggest checking that the actual host is not blocking the connection from the Internet.
It could be some Windows-related setting or software firewall, or perhaps there is a problem with the default gateway configuration of the host (though I would doubt it, since it couldn't access the Internet through the ASA if this was the case).
- Jouni
05-24-2013 06:07 AM
The problem is solved.
The fact was that, as is the gateway IP address of the proxy server.
If you register IP address tsistso then everything works.
Thanks for the advice and help.
09-24-2013 05:49 PM
I followed your suggestion to the T and I cannot get my IIS server to come up. I have disabled FW, no AV; no matter what I try I cannot get to the server. I can post the config if you have the time to tell me wtf I am doing wrong.
Thanks
03-06-2013 12:58 AM
Hi Roberto,
Are you done with the configuration? Was it successful or not? Because I have this problem too.
- Bara
03-06-2013 01:53 AM
Hi,
I went as far as changing my own ASA software from 8.4(5) to 9.1(1) and ASDM 7.1(1)52. I use the other software as there are some bugs related to NAT on the 9.1(1) software.
I don't personally ever use ASDM for NAT and ACL configurations, but here is how I would configure Port Forward / Static PAT through the ASDM.
Go to Configuration -> Firewall -> NAT Rules -> Right Mouse Click to open the menu -> Choose Add "Network Object" NAT Rule
It will open the following window which you can configure in the following way
Where
Next click Advanced on the window, it will open the following window, where you can fill the port and interface information
Where
Finally, click OK on all windows and then Apply.
The ASDM will insert the configurations in CLI format to the ASA:
object network PORT-FORWARD
 host 10.0.0.100
 nat (LAN,WAN) static interface service tcp 1111 2222
As you can see pretty simple configurations on the CLI instead of jumping between different windows and options on the ASDM.
Naturally you will need an ACL allowing this traffic also from the "outside" or "WAN" interface, whatever you are using.
You will need to open the traffic by using the REAL IP and REAL PORT.
So for example the ACL rule allowing this traffic from the Internet could look like this:
access-list WAN-IN extended permit tcp host 1.1.1.1 object PORT-FORWARD eq 1111
Please rate if the information has been helpful.
- Jouni
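A check for the real-IP / real-port rule described in the post above, added here as an illustration; it is not code from the thread or from Cisco. It assumes ASA 8.3+ object NAT in "show running-config" layout (sub-commands indented by one space); the sample config, the function names and the extra "any source" finding are constructed for this example.

```python
import re

# Constructed sample in "show running-config" layout (not from the thread):
# one static PAT object, one ACL entry on the real port, one on the mapped port.
SAMPLE_CONFIG = """\
object network PORT-FORWARD
 host 10.0.0.100
 nat (LAN,WAN) static interface service tcp 1111 2222
access-list WAN-IN extended permit tcp host 1.1.1.1 object PORT-FORWARD eq 1111
access-list WAN-IN extended permit tcp any object PORT-FORWARD eq 2222
"""

NAT_RE = re.compile(r"nat \(\S+,\S+\) static interface service (tcp|udp) (\S+) (\S+)")
ACL_RE = re.compile(r"access-list \S+ extended permit (tcp|udp) (.+?) "
                    r"(?:object (\S+)|host (\S+)) eq (\S+)\s*$")

def parse_static_pat(config):
    """Map object name -> {ip, proto, real, mapped} for each static PAT object."""
    objects, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("object network ") and len(words) == 3:
            current = objects.setdefault(words[2], {})
        elif current is not None and line.startswith(" ") and words:
            if words[0] == "host" and len(words) > 1:
                current["ip"] = words[1]
            m = NAT_RE.search(line)
            if m:  # "service <proto> <real-port> <mapped-port>"
                current.update(proto=m[1], real=m[2], mapped=m[3])
        else:
            current = None
    return {n: o for n, o in objects.items() if "ip" in o and "real" in o}

def audit_acl(config):
    """Return (acl_line, finding) pairs for entries that target a static PAT host."""
    pats = parse_static_pat(config)
    by_ip = {o["ip"]: o for o in pats.values()}
    findings = []
    for line in config.splitlines():
        m = ACL_RE.match(line)
        pat = m and (pats.get(m[3]) or by_ip.get(m[4]))
        if not pat or m[1] != pat["proto"]:
            continue
        if m[5] == pat["mapped"] != pat["real"]:
            findings.append((line, "mapped port %s does not match forwarded traffic; "
                             "use real port %s" % (m[5], pat["real"])))
        elif m[5] == pat["real"] and m[2] == "any":
            findings.append((line, "real port %s is open to any source" % m[5]))
    return findings
```

Calling audit_acl(SAMPLE_CONFIG) flags only the second ACL entry, which was written against the mapped port 2222 instead of the real port 1111.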
07-12-2015 07:31 PM
Long dead thread, but this saved my assignment tonight.
Thanks!