Hi I need help with doing a port forward for remote desktop with asa5505 9.1.1 and asdm 7.1.1 i could have done this with the previous versions of asdm but now it even more confusing
The format for configuring Static PAT is pretty simple
You configure an "object network", for example
object network SERVER-RDP
nat (lan,wan) static interface service tcp 3389 3389
The above "lan" and "wan" are interface names. If your interfaces are named different like they seem to be looking at the log message then you naturally use those.
The x.x.x.x means the local ip address configured on the actual host on your LAN network. Its not the public IP address.
I still did.
But when asked to external ip address in the logs an error
Teardown TCP connection 6306058 for disbacak:220.127.116.11/29128 to icbacak:10.2.150.5/3389 duration 0:00:30 bytes 0 SYN Timeout
What had I done?
Seems to me that there is some translation already for IP address 10.2.150.5 local IP address and the connection that is taken through the firewall is allowed.
The actual target machine doesnt respond to the connection attempt.
This doesnt seem to be a problem with the firewall. It seems to be a problem with the PC you are trying to connect to.
Its impossible for me to tell you the reason with this information.
I would suggest checking that the actual host is not blocking the connection from the Internet.
It could be some Windows related setting or software firewall or perhaps there is problem with the default gateway configuration of the host (though I would doubt it since it couldnt access Internet through the ASA if this was the case)
The problem is solved.
The fact was that, as is the gateway ip address of the proxy server.
If you register ip address tsistso then everything works.
Thanks for the advice and help.
I following your suggestion to the T and I cannot get my IIS server to come up. i have disabled FW, NO AV, no matter what I try I cannot get to the server. I can post the config if you have the time to tell me wtf I am doing wrong.
I went as far as changing my own ASA software from 8.4(5) to 9.1(1) and ASDM 7.1(1)52. I use the other software as there are some bugs related to NAT on the 9.1(1) software
I dont personally ever use ASDM for NAT and ACL configurations but here is how I would configure Port Forward / Static PAT through the ASDM
Go to Configuration -> Firewall -> NAT Rules -> Right Mouse Click to open the menu -> Choose Add "Network Object" NAT Rule
It will open the following window which you can configure in the following way
Next click Advanced on the window, it will open the following window, where you can fill the port and interface information
Finally Click Ok on all windows and then Apply
The ASDM will insert the configurations in CLI format to the ASA
object network PORT-FORWARD
nat (LAN,WAN) static interface service tcp 1111 2222
As you can see pretty simple configurations on the CLI instead of jumping between different windows and options on the ASDM.
Naturally you will need an ACL allowing this traffic also from the "outside" or "WAN" interface, whatever you are using.
You will need to open the traffic by using the REAL IP and REAL PORT
So for example the ACL rule allowing this traffic from Internet could look like this
access-list WAN-IN extended permit tcp host 18.104.22.168 object PORT-FORWARD eq 1111
Please rate if the information has been helpfull