RDP Access problem through ASA5510 FW

saroj pradhan
Level 1

I am using a Cisco ASA5510 Firewall in my network at the distribution layer.

A private range of network addresses is used in the network, with PAT at the FW for address translation.

Presently I am encountering an issue: the users behind the FW in my network are unable to RDP on port 2000 presented at the client network.

Able to telnet on port 2000 but not RDP.

Please advise of any changes needed at the FW end to get RDP access.

Thanks,

Saroj

12 Replies

Julio Carvajal
VIP Alumni

Hello,

We need more information!!

Where are the clients? On the trusted or untrusted zone?

Where is the RDP server?

Please post your configuration (with some changes, of course, for security purposes).

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

My users are behind the ASA firewall in my network and are trying to access the server through RDP; the server location is in the USA.

No idea about the client environment, but RDP works over an Internet data card, through a Checkpoint FW and a SonicWall firewall.

Enclosed is the config file of the ASA.

Thanks,

Saroj

Please provide the following:

packet-tracer input inside tcp x.x.x.x (inside_user_Ip) 1025 y.y.y.y(RDP_server_ip) 2000

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Please find the report.

Netlink-OS-ASA# packet-tracer input inside tcp 172.16.48.213 1025 74.94.242.13$

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside

Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in_1 in interface inside
access-list inside_access_in_1 extended permit ip any any
Additional Information:

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: INSPECT
Subtype: inspect-skinny
Result: ALLOW
Config:
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect skinny
service-policy global_policy global
Additional Information:

Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 Block_FromASA_ThroughUntangle1 255.255.255.192
  match ip inside Block_FromASA_ThroughUntangle1 255.255.255.192 outside any
    dynamic translation to pool 1 (122.168.191.66 )
    translate_hits = 59925, untranslate_hits = 345
Additional Information:
Dynamic translate 172.16.48.213/1025 to 122.168.191.66/29284 using netmask 255.255.255.255

Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 Block_FromASA_ThroughUntangle1 255.255.255.192
  match ip inside Block_FromASA_ThroughUntangle1 255.255.255.192 outside any
    dynamic translation to pool 1 (122.168.191.66 )
    translate_hits = 59925, untranslate_hits = 345
Additional Information:

Phase: 9
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_out out interface outside
access-list outside_access_out extended permit ip any any
Additional Information:

Phase: 10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 59535332, packet dispatched to next module

Phase: 12
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 122.168.191.65 using egress ifc outside
adjacency Active
next-hop mac address 0019.2f8e.c639 hits 29742

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow

Thanks,

Saroj

Hello Saroj,

Everything looks good.

Please do captures in order to troubleshoot this; captures are needed on the inside and outside interfaces.

http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/

http://www.techrepublic.com/blog/networking/easy-packet-captures-straight-from-the-cisco-asa-firewall/1317

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I have captured the log from the ASA while connecting to the RDP server.

6 | Feb 14 2012 07:19:39 | 302014 | 74.94.242.139 3389 | 172.16.51.10 48312 | Teardown TCP connection 59541059 for outside:74.94.242.139/3389 to inside:172.16.51.10/48312 duration 0:00:00 bytes 0 TCP Reset-O

Hello,

That is all we need... Reset-O

A reset packet is coming from the outside; that is why we should create a packet capture, we should have seen those packets coming from the server.

Connection is being closed by the RDP server!

Do rate all the helpful posts!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
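As an added illustration of how Julio reads the 302014 line (this is not code from the thread or from Cisco), the Python below parses ASA TCP teardown messages and reports which interface the reset arrived on and whether any data flowed before it. The first sample is the line posted above; the other two are constructed variants.

```python
import re

# Constructed samples (added here, not from the thread's ASA): the first is the
# 302014 line posted in the thread; the other two are made-up reason variants.
SAMPLE_LOGS = [
    "Teardown TCP connection 59541059 for outside:74.94.242.139/3389 to "
    "inside:172.16.51.10/48312 duration 0:00:00 bytes 0 TCP Reset-O",
    "Teardown TCP connection 59541060 for outside:74.94.242.139/3389 to "
    "inside:172.16.51.10/48313 duration 0:00:12 bytes 4215 TCP FINs",
    "Teardown TCP connection 59541061 for outside:74.94.242.139/2000 to "
    "inside:172.16.51.10/48314 duration 0:00:00 bytes 0 TCP Reset-I",
]

TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<conn_id>\d+) for "
    r"(?P<if_a>\w+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+) to "
    r"(?P<if_b>\w+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) bytes (?P<bytes>\d+) (?P<reason>.+?)\s*$"
)

def parse_teardown(line):
    """Return the fields of an ASA 302014 teardown message, or None."""
    m = TEARDOWN_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {"conn_id": int(d["conn_id"]), "reason": d["reason"],
            "a": (d["if_a"], d["ip_a"], int(d["port_a"])),
            "b": (d["if_b"], d["ip_b"], int(d["port_b"])),
            "bytes": int(d["bytes"]),
            "duration_s": int(d["h"]) * 3600 + int(d["m"]) * 60 + int(d["s"])}

def classify(rec):
    """Read the reason the way the thread reads Reset-O: which interface the
    RST arrived on, and whether any payload ever flowed."""
    reason = rec["reason"]
    if reason == "TCP FINs":
        return "normal close: both sides sent FIN"
    if reason not in ("TCP Reset-O", "TCP Reset-I"):
        return "other teardown reason: " + reason
    verdict = "RST received on the %s interface" % ("outside" if reason.endswith("-O") else "inside")
    if rec["bytes"] == 0 and rec["duration_s"] == 0:
        verdict += "; zero bytes in zero seconds, peer refused before any RDP data"
    return verdict

def triage(lines):
    """Classify every parsable teardown line; skip anything else."""
    recs = [parse_teardown(line) for line in lines]
    return [(r["conn_id"], r["a"][2], classify(r)) for r in recs if r]
```

Feeding real `show logging` output through `triage` separates sessions the far end refused outright (Reset-O, zero bytes) from ones that exchanged data before closing, which is the distinction the capture on the outside interface is meant to confirm.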

As per your instruction I have configured the following commands on the ASA to capture packets, but no result.

Showing 0 packets captured while trying RDP on port 2000.

Thanks,

Saroj

access-list capin permit tcp host rdp_client_private_ip host server_outside eq 2000
access-list capin permit tcp host server_outside eq 2000 host rdp_client_private_ip
access-list capout permit tcp host rdp_client_public_ip host server_outside eq 2000
access-list capout permit tcp host server_outside eq 2000 host rdp_client_public_ip
capture capin access-list capin interface inside
capture capout access-list capout interface outside

I am unable to capture the log due to a performance issue.

Please find the report.

Netlink-OS-ASA# capture capin access-list capin interface inside real-time dum$
Warning: using this option with a slow console connection may
         result in an excessive amount of non-displayed packets
         due to performance limitations.
Use ctrl-c to terminate real-time capture

0 packets shown.
0 packets not shown due to performance limitations.

Hello,

Please find the output of the packet capture from the inside interface.

Netlink-OS-ASA# capture capin access-list capin interface inside real-time
Warning: using this option with a slow console connection may
         result in an excessive amount of non-displayed packets
         due to performance limitations.
Use ctrl-c to terminate real-time capture

   1: 13:50:54.278138 [|ip]
   2: 13:50:54.592666 [|ip]
   3: 13:50:54.593902 [|ip]
   4: 13:50:54.594329 [|ip]
   5: 13:50:54.594390 [|ip]
   6: 13:51:20.340390 [|ip]
   7: 13:51:20.340467 [|ip]
   8: 13:51:20.657848 [|ip]
   9: 13:51:23.381877 [|ip]
  10: 13:51:23.696527 [|ip]
  11: 13:51:23.697717 [|ip]
  12: 13:51:23.698495 [|ip]
  13: 13:51:23.698557 [|ip]
  14: 13:51:36.024519 [|ip]
  15: 13:51:36.024595 [|ip]
  16: 13:51:36.345120 [|ip]
  17: 13:51:38.761892 [|ip]
  18: 13:51:39.074260 [|ip]
  19: 13:51:39.075054 [|ip]
  20: 13:51:39.075496 [|ip]
  21: 13:51:39.075557 [|ip]
  22: 13:52:27.816180 [|ip]
  23: 13:52:27.816257 [|ip]
  24: 13:52:28.132561 [|ip]
  25: 13:52:31.949459 [|ip]
  26: 13:52:32.265367 [|ip]
  27: 13:52:32.266267 [|ip]
  28: 13:52:32.267060 [|ip]
  29: 13:52:32.267121 [|ip]
29 packets shown.
0 packets not shown due to performance limitations.

Netlink-OS-ASA# sh capture capin access-list capin detail
82 packets captured
0 packet shown

When I tried to capture from the outside interface, no data was shown.

Netlink-OS-ASA# capture capout access-list capout interface outside real-time
Warning: using this option with a slow console connection may
         result in an excessive amount of non-displayed packets
         due to performance limitations.
Use ctrl-c to terminate real-time capture

0 packets shown.
0 packets not shown due to performance limitations.

Hello,

Please help me resolve the RDP issue.

Please help to get a resolution.

Thanks,

Saroj
