Solved: Re: RDP access

dave love · ‎02-07-2020

Can someone tell me how to make this work? I'm an asa guy this is all new. I just want to open rdp to my desktop.

Rob Ingram · ‎02-07-2020

Go to Objects, then select Security Zones ensure that all of the inside interfaces are a member of the inside_zone.

Run packet-tracer from the CLI to simulate the traffic and post the output for review.

View solution in original post

Rob Ingram · ‎02-07-2020

Hi,
Remove the source port on the ACL and try again.

HTH

dave love · ‎02-07-2020

Still not working

Rob Ingram · ‎02-07-2020

Try this....

dave love · ‎02-07-2020

I don't have an inside space just the inside ports so I don't know if that matters. Not connecting. I've tried everything.

Rob Ingram · ‎02-07-2020

From the CLI provide the output of "show nat detail" and "show access-list"

dave love · ‎02-07-2020

@Rob Ingram wrote:
From the CLI provide the output of "show nat detail" and "show access-list"

> show nat detail

Manual NAT Policies (Section 1)

1 (any) to (outside) source static Desktop interface service _|NatOrigSvc_c44e1f8

3-49d4-11ea-ad4b-51118e66ae1d _|NatMappedSvc_c44e1f83-49d4-11ea-ad4b-51118e66ae1d

translate_hits = 0, untranslate_hits = 0

Source - Origin: 192.168.1.54/32, Translated: 99.11.130.17/22

Service - Origin: tcp source eq 3389 , Translated: tcp source eq 3389

2 (inside_8) to (outside) source dynamic any-ipv4 interface

translate_hits = 87579, untranslate_hits = 1154

Source - Origin: 0.0.0.0/0, Translated: 99.11.130.17/22

3 (inside_7) to (outside) source dynamic any-ipv4 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 0.0.0.0/0, Translated: 99.11.130.17/22

4 (inside_6) to (outside) source dynamic any-ipv4 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 0.0.0.0/0, Translated: 99.11.130.17/22

5 (inside_5) to (outside) source dynamic any-ipv4 interface

translate_hits = 326337, untranslate_hits = 753

Source - Origin: 0.0.0.0/0, Translated: 99.11.130.17/22

6 (inside_4) to (outside) source dynamic any-ipv4 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 0.0.0.0/0, Translated: 99.11.130.17/22

7 (inside_3) to (outside) source dynamic any-ipv4 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 0.0.0.0/0, Translated: 99.11.130.17/22

8 (inside_2) to (outside) source dynamic any-ipv4 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 0.0.0.0/0, Translated: 99.11.130.17/22

Auto NAT Policies (Section 2)

1 (nlp_int_tap) to (inside_8) source static nlp_server_0_http_intf10 interface se

rvice tcp https https

translate_hits = 0, untranslate_hits = 964

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

Service - Protocol: tcp Real: https Mapped: https

2 (nlp_int_tap) to (inside_2) source static nlp_server_0_http_intf4 interface ser

vice tcp https https

translate_hits = 0, untranslate_hits = 287

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

Service - Protocol: tcp Real: https Mapped: https

3 (nlp_int_tap) to (inside_3) source static nlp_server_0_http_intf5 interface ser

vice tcp https https

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

Service - Protocol: tcp Real: https Mapped: https

4 (nlp_int_tap) to (inside_4) source static nlp_server_0_http_intf6 interface ser

vice tcp https https

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

Service - Protocol: tcp Real: https Mapped: https

5 (nlp_int_tap) to (inside_5) source static nlp_server_0_http_intf7 interface ser

vice tcp https https

translate_hits = 0, untranslate_hits = 472

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

Service - Protocol: tcp Real: https Mapped: https

6 (nlp_int_tap) to (inside_6) source static nlp_server_0_http_intf8 interface ser

vice tcp https https

translate_hits = 0, untranslate_hits = 1367

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

Service - Protocol: tcp Real: https Mapped: https

7 (nlp_int_tap) to (inside_8) source dynamic nlp_client_0_intf10 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

8 (nlp_int_tap) to (diagnostic) source dynamic nlp_client_0_intf2 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 0.0.0.0/32

9 (nlp_int_tap) to (outside) source dynamic nlp_client_0_intf3 interface

translate_hits = 37446, untranslate_hits = 73

Source - Origin: 169.254.1.3/32, Translated: 99.11.130.17/22

10 (nlp_int_tap) to (inside_2) source dynamic nlp_client_0_intf4 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

11 (nlp_int_tap) to (inside_3) source dynamic nlp_client_0_intf5 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

12 (nlp_int_tap) to (inside_4) source dynamic nlp_client_0_intf6 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

13 (nlp_int_tap) to (inside_5) source dynamic nlp_client_0_intf7 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

14 (nlp_int_tap) to (inside_6) source dynamic nlp_client_0_intf8 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 192.168.1.1/24

15 (nlp_int_tap) to (inside_7) source dynamic nlp_client_0_intf9 interface

translate_hits = 0, untranslate_hits = 0

Source - Origin: 169.254.1.3/32, Translated: 0.0.0.0/32

16 (nlp_int_tap) to (inside_8) source dynamic nlp_client_0_ipv6_intf10 interface i

pv6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

17 (nlp_int_tap) to (diagnostic) source dynamic nlp_client_0_ipv6_intf2 interface

ipv6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

18 (nlp_int_tap) to (outside) source dynamic nlp_client_0_ipv6_intf3 interface ipv

6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

19 (nlp_int_tap) to (inside_2) source dynamic nlp_client_0_ipv6_intf4 interface ip

v6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

20 (nlp_int_tap) to (inside_3) source dynamic nlp_client_0_ipv6_intf5 interface ip

v6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

21 (nlp_int_tap) to (inside_4) source dynamic nlp_client_0_ipv6_intf6 interface ip

v6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

22 (nlp_int_tap) to (inside_5) source dynamic nlp_client_0_ipv6_intf7 interface ip

v6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

23 (nlp_int_tap) to (inside_6) source dynamic nlp_client_0_ipv6_intf8 interface ip

v6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

24 (nlp_int_tap) to (inside_7) source dynamic nlp_client_0_ipv6_intf9 interface ip

v6

translate_hits = 0, untranslate_hits = 0

Source - Origin: fd00:0:0:1::3/128, Translated:

dave love · ‎02-07-2020

> show access-list

access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)

alert-interval 300

access-list NGFW_ONBOX_ACL; 64 elements; name hash: 0xf5cc3f88

access-list NGFW_ONBOX_ACL line 1 remark rule-id 268435458: ACCESS POLICY: NGFW_

Access_Policy

access-list NGFW_ONBOX_ACL line 2 remark rule-id 268435458: L5 RULE: Inside_Insi

de_Rule

access-list NGFW_ONBOX_ACL line 3 advanced trust object-group |acSvcg-268435458

ifc inside_2 any ifc inside_2 any rule-id 268435458 event-log both (hitcnt=0) 0x

c3017673

access-list NGFW_ONBOX_ACL line 3 advanced trust ip ifc inside_2 any ifc insid

e_2 any rule-id 268435458 event-log both (hitcnt=0) 0xc5bf45b5

access-list NGFW_ONBOX_ACL line 4 advanced trust object-group |acSvcg-268435458

ifc inside_2 any ifc inside_3 any rule-id 268435458 event-log both (hitcnt=0) 0x

8a86cece

access-list NGFW_ONBOX_ACL line 4 advanced trust ip ifc inside_2 any ifc insid

e_3 any rule-id 268435458 event-log both (hitcnt=0) 0x8bfbb615

access-list NGFW_ONBOX_ACL line 5 advanced trust object-group |acSvcg-268435458

ifc inside_2 any ifc inside_4 any rule-id 268435458 event-log both (hitcnt=0) 0x

e6e152cc

access-list NGFW_ONBOX_ACL line 5 advanced trust ip ifc inside_2 any ifc insid

e_4 any rule-id 268435458 event-log both (hitcnt=0) 0xb4043a7b

access-list NGFW_ONBOX_ACL line 6 advanced trust object-group |acSvcg-268435458

ifc inside_2 any ifc inside_5 any rule-id 268435458 event-log both (hitcnt=5195)

0x8320d481

access-list NGFW_ONBOX_ACL line 6 advanced trust ip ifc inside_2 any ifc insid

e_5 any rule-id 268435458 event-log both (hitcnt=5195) 0xcc394f29

access-list NGFW_ONBOX_ACL line 7 advanced trust object-group |acSvcg-268435458

ifc inside_2 any ifc inside_6 any rule-id 268435458 event-log both (hitcnt=0) 0x

afd4a3c5

access-list NGFW_ONBOX_ACL line 7 advanced trust ip ifc inside_2 any ifc insid

e_6 any rule-id 268435458 event-log both (hitcnt=0) 0x84d1a050

access-list NGFW_ONBOX_ACL line 8 advanced trust object-group |acSvcg-268435458

ifc inside_2 any ifc inside_7 any rule-id 268435458 event-log both (hitcnt=0) 0x

1c86ca05

access-list NGFW_ONBOX_ACL line 8 advanced trust ip ifc inside_2 any ifc insid

e_7 any rule-id 268435458 event-log both (hitcnt=0) 0xe77aff01

access-list NGFW_ONBOX_ACL line 9 advanced trust object-group |acSvcg-268435458

ifc inside_2 any ifc inside_8 any rule-id 268435458 event-log both (hitcnt=4903)

0x1eb08447

access-list NGFW_ONBOX_ACL line 9 advanced trust ip ifc inside_2 any ifc insid

e_8 any rule-id 268435458 event-log both (hitcnt=4903) 0x0971a867

access-list NGFW_ONBOX_ACL line 10 advanced trust object-group |acSvcg-268435458

ifc inside_3 any ifc inside_2 any rule-id 268435458 event-log both (hitcnt=0) 0

x1ebfaeea

access-list NGFW_ONBOX_ACL line 10 advanced trust ip ifc inside_3 any ifc insi

de_2 any rule-id 268435458 event-log both (hitcnt=0) 0xc7c4121e

access-list NGFW_ONBOX_ACL line 11 advanced trust object-group |acSvcg-268435458

ifc inside_3 any ifc inside_3 any rule-id 268435458 event-log both (hitcnt=0) 0

x4d2bb4b0

access-list NGFW_ONBOX_ACL line 11 advanced trust ip ifc inside_3 any ifc insi

de_3 any rule-id 268435458 event-log both (hitcnt=0) 0x1fd7cff4

access-list NGFW_ONBOX_ACL line 12 advanced trust object-group |acSvcg-268435458

ifc inside_3 any ifc inside_4 any rule-id 268435458 event-log both (hitcnt=0) 0

x141a84a4

access-list NGFW_ONBOX_ACL line 12 advanced trust ip ifc inside_3 any ifc insi

de_4 any rule-id 268435458 event-log both (hitcnt=0) 0x2a6a8646

access-list NGFW_ONBOX_ACL line 13 advanced trust object-group |acSvcg-268435458

ifc inside_3 any ifc inside_5 any rule-id 268435458 event-log both (hitcnt=0) 0

xd9b9c32a

access-list NGFW_ONBOX_ACL line 13 advanced trust ip ifc inside_3 any ifc insi

de_5 any rule-id 268435458 event-log both (hitcnt=0) 0x5bdd2dbc

access-list NGFW_ONBOX_ACL line 14 advanced trust object-group |acSvcg-268435458

ifc inside_3 any ifc inside_6 any rule-id 268435458 event-log both (hitcnt=0) 0

x948a28ae

access-list NGFW_ONBOX_ACL line 14 advanced trust ip ifc inside_3 any ifc insi

de_6 any rule-id 268435458 event-log both (hitcnt=0) 0x58f7c891

access-list NGFW_ONBOX_ACL line 15 advanced trust object-group |acSvcg-268435458

ifc inside_3 any ifc inside_7 any rule-id 268435458 event-log both (hitcnt=0) 0

xedb0fbb5

access-list NGFW_ONBOX_ACL line 15 advanced trust ip ifc inside_3 any ifc insi

de_7 any rule-id 268435458 event-log both (hitcnt=0) 0x6b5a01a0

access-list NGFW_ONBOX_ACL line 16 advanced trust object-group |acSvcg-268435458

ifc inside_3 any ifc inside_8 any rule-id 268435458 event-log both (hitcnt=0) 0

x494951bf

access-list NGFW_ONBOX_ACL line 16 advanced trust ip ifc inside_3 any ifc insi

de_8 any rule-id 268435458 event-log both (hitcnt=0) 0x784272c8

access-list NGFW_ONBOX_ACL line 17 advanced trust object-group |acSvcg-268435458

ifc inside_4 any ifc inside_2 any rule-id 268435458 event-log both (hitcnt=0) 0

x0838c77f

access-list NGFW_ONBOX_ACL line 17 advanced trust ip ifc inside_4 any ifc insi

de_2 any rule-id 268435458 event-log both (hitcnt=0) 0x648b97b3

access-list NGFW_ONBOX_ACL line 18 advanced trust object-group |acSvcg-268435458

ifc inside_4 any ifc inside_3 any rule-id 268435458 event-log both (hitcnt=0) 0

xb167ce91

access-list NGFW_ONBOX_ACL line 18 advanced trust ip ifc inside_4 any ifc insi

de_3 any rule-id 268435458 event-log both (hitcnt=0) 0x7b80b395

access-list NGFW_ONBOX_ACL line 19 advanced trust object-group |acSvcg-268435458

ifc inside_4 any ifc inside_4 any rule-id 268435458 event-log both (hitcnt=0) 0

x457fd0a3

access-list NGFW_ONBOX_ACL line 19 advanced trust ip ifc inside_4 any ifc insi

de_4 any rule-id 268435458 event-log both (hitcnt=0) 0xa5d5083b

access-list NGFW_ONBOX_ACL line 20 advanced trust object-group |acSvcg-268435458

ifc inside_4 any ifc inside_5 any rule-id 268435458 event-log both (hitcnt=0) 0

x660c2ece

access-list NGFW_ONBOX_ACL line 20 advanced trust ip ifc inside_4 any ifc insi

de_5 any rule-id 268435458 event-log both (hitcnt=0) 0x7592b19f

access-list NGFW_ONBOX_ACL line 21 advanced trust object-group |acSvcg-268435458

ifc inside_4 any ifc inside_6 any rule-id 268435458 event-log both (hitcnt=0) 0

xb7c30b12

access-list NGFW_ONBOX_ACL line 21 advanced trust ip ifc inside_4 any ifc insi

de_6 any rule-id 268435458 event-log both (hitcnt=0) 0x1aa7cf03

access-list NGFW_ONBOX_ACL line 22 advanced trust object-group |acSvcg-268435458

ifc inside_4 any ifc inside_7 any rule-id 268435458 event-log both (hitcnt=0) 0

x9db3a2f2

access-list NGFW_ONBOX_ACL line 22 advanced trust ip ifc inside_4 any ifc insi

de_7 any rule-id 268435458 event-log both (hitcnt=0) 0xabd4912d

access-list NGFW_ONBOX_ACL line 23 advanced trust object-group |acSvcg-268435458

ifc inside_4 any ifc inside_8 any rule-id 268435458 event-log both (hitcnt=0) 0

xdbc2da7d

access-list NGFW_ONBOX_ACL line 23 advanced trust ip ifc inside_4 any ifc insi

de_8 any rule-id 268435458 event-log both (hitcnt=0) 0x4bad16b1

access-list NGFW_ONBOX_ACL line 24 advanced trust object-group |acSvcg-268435458

ifc inside_5 any ifc inside_2 any rule-id 268435458 event-log both (hitcnt=1093

2) 0x246b78ab

access-list NGFW_ONBOX_ACL line 24 advanced trust ip ifc inside_5 any ifc insi

de_2 any rule-id 268435458 event-log both (hitcnt=10932) 0x19de2a2b

access-list NGFW_ONBOX_ACL line 25 advanced trust object-group |acSvcg-268435458

ifc inside_5 any ifc inside_3 any rule-id 268435458 event-log both (hitcnt=0) 0

xef244286

access-list NGFW_ONBOX_ACL line 25 advanced trust ip ifc inside_5 any ifc insi

de_3 any rule-id 268435458 event-log both (hitcnt=0) 0xd5ffb5ab

access-list NGFW_ONBOX_ACL line 26 advanced trust object-group |acSvcg-268435458

ifc inside_5 any ifc inside_4 any rule-id 268435458 event-log both (hitcnt=0) 0

xbde17efa

access-list NGFW_ONBOX_ACL line 26 advanced trust ip ifc inside_5 any ifc insi

de_4 any rule-id 268435458 event-log both (hitcnt=0) 0xf7d04422

access-list NGFW_ONBOX_ACL line 27 advanced trust object-group |acSvcg-268435458

ifc inside_5 any ifc inside_5 any rule-id 268435458 event-log both (hitcnt=20)

0xf96ac828

access-list NGFW_ONBOX_ACL line 27 advanced trust ip ifc inside_5 any ifc insi

de_5 any rule-id 268435458 event-log both (hitcnt=20) 0x8fc6b406

access-list NGFW_ONBOX_ACL line 28 advanced trust object-group |acSvcg-268435458

ifc inside_5 any ifc inside_6 any rule-id 268435458 event-log both (hitcnt=0) 0

xb023c749

access-list NGFW_ONBOX_ACL line 28 advanced trust ip ifc inside_5 any ifc insi

de_6 any rule-id 268435458 event-log both (hitcnt=0) 0x02d441b1

access-list NGFW_ONBOX_ACL line 29 advanced trust object-group |acSvcg-268435458

ifc inside_5 any ifc inside_7 any rule-id 268435458 event-log both (hitcnt=0) 0

x9777fa4f

access-list NGFW_ONBOX_ACL line 29 advanced trust ip ifc inside_5 any ifc insi

de_7 any rule-id 268435458 event-log both (hitcnt=0) 0x308a0394

access-list NGFW_ONBOX_ACL line 30 advanced trust object-group |acSvcg-268435458

ifc inside_5 any ifc inside_8 any rule-id 268435458 event-log both (hitcnt=1114

0) 0x456779d0

access-list NGFW_ONBOX_ACL line 30 advanced trust ip ifc inside_5 any ifc insi

de_8 any rule-id 268435458 event-log both (hitcnt=11140) 0xd3fc6d03

access-list NGFW_ONBOX_ACL line 31 advanced trust object-group |acSvcg-268435458

ifc inside_6 any ifc inside_2 any rule-id 268435458 event-log both (hitcnt=0) 0

x5c7eca87

access-list NGFW_ONBOX_ACL line 31 advanced trust ip ifc inside_6 any ifc insi

de_2 any rule-id 268435458 event-log both (hitcnt=0) 0x5e1d4aed

access-list NGFW_ONBOX_ACL line 32 advanced trust object-group |acSvcg-268435458

ifc inside_6 any ifc inside_3 any rule-id 268435458 event-log both (hitcnt=0) 0

x8350bce9

access-list NGFW_ONBOX_ACL line 32 advanced trust ip ifc inside_6 any ifc insi

de_3 any rule-id 268435458 event-log both (hitcnt=0) 0x24bc3a5a

access-list NGFW_ONBOX_ACL line 33 advanced trust object-group |acSvcg-268435458

ifc inside_6 any ifc inside_4 any rule-id 268435458 event-log both (hitcnt=0) 0

x24e4e16b

access-list NGFW_ONBOX_ACL line 33 advanced trust ip ifc inside_6 any ifc insi

de_4 any rule-id 268435458 event-log both (hitcnt=0) 0xbe0bb845

access-list NGFW_ONBOX_ACL line 34 advanced trust object-group |acSvcg-268435458

ifc inside_6 any ifc inside_5 any rule-id 268435458 event-log both (hitcnt=0) 0

x7fb90397

access-list NGFW_ONBOX_ACL line 34 advanced trust ip ifc inside_6 any ifc insi

de_5 any rule-id 268435458 event-log both (hitcnt=0) 0xe0da8b54

access-list NGFW_ONBOX_ACL line 35 advanced trust object-group |acSvcg-268435458

ifc inside_6 any ifc inside_6 any rule-id 268435458 event-log both (hitcnt=0) 0

xc0655bf8

access-list NGFW_ONBOX_ACL line 35 advanced trust ip ifc inside_6 any ifc insi

de_6 any rule-id 268435458 event-log both (hitcnt=0) 0xf64b48b8

access-list NGFW_ONBOX_ACL line 36 advanced trust object-group |acSvcg-268435458

ifc inside_6 any ifc inside_7 any rule-id 268435458 event-log both (hitcnt=0) 0

x93f0615d

access-list NGFW_ONBOX_ACL line 36 advanced trust ip ifc inside_6 any ifc insi

de_7 any rule-id 268435458 event-log both (hitcnt=0) 0x4ae2d320

access-list NGFW_ONBOX_ACL line 37 advanced trust object-group |acSvcg-268435458

ifc inside_6 any ifc inside_8 any rule-id 268435458 event-log both (hitcnt=0) 0

x0f778fa2

access-list NGFW_ONBOX_ACL line 37 advanced trust ip ifc inside_6 any ifc insi

de_8 any rule-id 268435458 event-log both (hitcnt=0) 0xce9c3181

access-list NGFW_ONBOX_ACL line 38 advanced trust object-group |acSvcg-268435458

ifc inside_7 any ifc inside_2 any rule-id 268435458 event-log both (hitcnt=0) 0

x8384ab7c

access-list NGFW_ONBOX_ACL line 38 advanced trust ip ifc inside_7 any ifc insi

de_2 any rule-id 268435458 event-log both (hitcnt=0) 0x240cb12b

access-list NGFW_ONBOX_ACL line 39 advanced trust object-group |acSvcg-268435458

ifc inside_7 any ifc inside_3 any rule-id 268435458 event-log both (hitcnt=0) 0

x20988668

access-list NGFW_ONBOX_ACL line 39 advanced trust ip ifc inside_7 any ifc insi

de_3 any rule-id 268435458 event-log both (hitcnt=0) 0x0c104cad

access-list NGFW_ONBOX_ACL line 40 advanced trust object-group |acSvcg-268435458

ifc inside_7 any ifc inside_4 any rule-id 268435458 event-log both (hitcnt=0) 0

x2d251214

access-list NGFW_ONBOX_ACL line 40 advanced trust ip ifc inside_7 any ifc insi

de_4 any rule-id 268435458 event-log both (hitcnt=0) 0x5987df09

access-list NGFW_ONBOX_ACL line 41 advanced trust object-group |acSvcg-268435458

ifc inside_7 any ifc inside_5 any rule-id 268435458 event-log both (hitcnt=0) 0

x490bcfa9

access-list NGFW_ONBOX_ACL line 41 advanced trust ip ifc inside_7 any ifc insi

de_5 any rule-id 268435458 event-log both (hitcnt=0) 0x555c9fa2

access-list NGFW_ONBOX_ACL line 42 advanced trust object-group |acSvcg-268435458

ifc inside_7 any ifc inside_6 any rule-id 268435458 event-log both (hitcnt=0) 0

xfd092ecf

access-list NGFW_ONBOX_ACL line 42 advanced trust ip ifc inside_7 any ifc insi

de_6 any rule-id 268435458 event-log both (hitcnt=0) 0xe0ae1e2e

access-list NGFW_ONBOX_ACL line 43 advanced trust object-group |acSvcg-268435458

ifc inside_7 any ifc inside_7 any rule-id 268435458 event-log both (hitcnt=0) 0

xf01174b6

access-list NGFW_ONBOX_ACL line 43 advanced trust ip ifc inside_7 any ifc insi

de_7 any rule-id 268435458 event-log both (hitcnt=0) 0xa3ffcd05

access-list NGFW_ONBOX_ACL line 44 advanced trust object-group |acSvcg-268435458

ifc inside_7 any ifc inside_8 any rule-id 268435458 event-log both (hitcnt=0) 0

x6ca208c5

access-list NGFW_ONBOX_ACL line 44 advanced trust ip ifc inside_7 any ifc insi

de_8 any rule-id 268435458 event-log both (hitcnt=0) 0x6506f63f

access-list NGFW_ONBOX_ACL line 45 advanced trust object-group |acSvcg-268435458

ifc inside_8 any ifc inside_2 any rule-id 268435458 event-log both (hitcnt=7692

) 0x0574661c

access-list NGFW_ONBOX_ACL line 45 advanced trust ip ifc inside_8 any ifc insi

de_2 any rule-id 268435458 event-log both (hitcnt=7692) 0x5308973c

access-list NGFW_ONBOX_ACL line 46 advanced trust object-group |acSvcg-268435458

ifc inside_8 any ifc inside_3 any rule-id 268435458 event-log both (hitcnt=0) 0

x7c839bfe

access-list NGFW_ONBOX_ACL line 46 advanced trust ip ifc inside_8 any ifc insi

de_3 any rule-id 268435458 event-log both (hitcnt=0) 0x47420fb5

access-list NGFW_ONBOX_ACL line 47 advanced trust object-group |acSvcg-268435458

ifc inside_8 any ifc inside_4 any rule-id 268435458 event-log both (hitcnt=0) 0

x6b565376

access-list NGFW_ONBOX_ACL line 47 advanced trust ip ifc inside_8 any ifc insi

de_4 any rule-id 268435458 event-log both (hitcnt=0) 0x55010c6f

access-list NGFW_ONBOX_ACL line 48 advanced trust object-group |acSvcg-268435458

ifc inside_8 any ifc inside_5 any rule-id 268435458 event-log both (hitcnt=9959

) 0xa8fd0ca0

access-list NGFW_ONBOX_ACL line 48 advanced trust ip ifc inside_8 any ifc insi

de_5 any rule-id 268435458 event-log both (hitcnt=9959) 0x0b3685e2

access-list NGFW_ONBOX_ACL line 49 advanced trust object-group |acSvcg-268435458

ifc inside_8 any ifc inside_6 any rule-id 268435458 event-log both (hitcnt=0) 0

x0fba0cec

access-list NGFW_ONBOX_ACL line 49 advanced trust ip ifc inside_8 any ifc insi

de_6 any rule-id 268435458 event-log both (hitcnt=0) 0x3d4625a8

access-list NGFW_ONBOX_ACL line 50 advanced trust object-group |acSvcg-268435458

ifc inside_8 any ifc inside_7 any rule-id 268435458 event-log both (hitcnt=0) 0

xf7cc4d5b

access-list NGFW_ONBOX_ACL line 50 advanced trust ip ifc inside_8 any ifc insi

de_7 any rule-id 268435458 event-log both (hitcnt=0) 0xdbfc73ab

access-list NGFW_ONBOX_ACL line 51 advanced trust object-group |acSvcg-268435458

ifc inside_8 any ifc inside_8 any rule-id 268435458 event-log both (hitcnt=0) 0

x2254d1e9

access-list NGFW_ONBOX_ACL line 51 advanced trust ip ifc inside_8 any ifc insi

de_8 any rule-id 268435458 event-log both (hitcnt=0) 0x6871cc18

access-list NGFW_ONBOX_ACL line 52 remark rule-id 268435457: ACCESS POLICY: NGFW

_Access_Policy

access-list NGFW_ONBOX_ACL line 53 remark rule-id 268435457: L5 RULE: Inside_Out

side_Rule

access-list NGFW_ONBOX_ACL line 54 advanced trust object-group |acSvcg-268435457

ifc inside_2 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0x

aad07f94

access-list NGFW_ONBOX_ACL line 54 advanced trust ip ifc inside_2 any ifc outs

ide any rule-id 268435457 event-log both (hitcnt=0) 0xd874e1cb

access-list NGFW_ONBOX_ACL line 55 advanced trust object-group |acSvcg-268435457

ifc inside_3 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0x

95bd29d7

access-list NGFW_ONBOX_ACL line 55 advanced trust ip ifc inside_3 any ifc outs

ide any rule-id 268435457 event-log both (hitcnt=0) 0x35eb1191

access-list NGFW_ONBOX_ACL line 56 advanced trust object-group |acSvcg-268435457

ifc inside_4 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0x

789a119d

access-list NGFW_ONBOX_ACL line 56 advanced trust ip ifc inside_4 any ifc outs

ide any rule-id 268435457 event-log both (hitcnt=0) 0x35ef3b1a

access-list NGFW_ONBOX_ACL line 57 advanced trust object-group |acSvcg-268435457

ifc inside_5 any ifc outside any rule-id 268435457 event-log both (hitcnt=46223

6) 0x85610ca8

access-list NGFW_ONBOX_ACL line 57 advanced trust ip ifc inside_5 any ifc outs

ide any rule-id 268435457 event-log both (hitcnt=462236) 0x07160b27

access-list NGFW_ONBOX_ACL line 58 advanced trust object-group |acSvcg-268435457

ifc inside_6 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0x

3f3ad6a8

access-list NGFW_ONBOX_ACL line 58 advanced trust ip ifc inside_6 any ifc outs

ide any rule-id 268435457 event-log both (hitcnt=0) 0x077fdf2e

access-list NGFW_ONBOX_ACL line 59 advanced trust object-group |acSvcg-268435457

ifc inside_7 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0x

5eec42d8

access-list NGFW_ONBOX_ACL line 59 advanced trust ip ifc inside_7 any ifc outs

ide any rule-id 268435457 event-log both (hitcnt=0) 0x792be557

access-list NGFW_ONBOX_ACL line 60 advanced trust object-group |acSvcg-268435457

ifc inside_8 any ifc outside any rule-id 268435457 event-log both (hitcnt=11556

8) 0xc5feb5e7

access-list NGFW_ONBOX_ACL line 60 advanced trust ip ifc inside_8 any ifc outs

ide any rule-id 268435457 event-log both (hitcnt=115568) 0x02ab456d

access-list NGFW_ONBOX_ACL line 61 remark rule-id 268435459: ACCESS POLICY: NGFW

_Access_Policy

access-list NGFW_ONBOX_ACL line 62 remark rule-id 268435459: L5 RULE: RDP

access-list NGFW_ONBOX_ACL line 63 advanced permit object-group |acSvcg-26843545

9 ifc outside any ifc inside_2 object Desktop rule-id 268435459 (hitcnt=0) 0xbcb

4863c

access-list NGFW_ONBOX_ACL line 63 advanced permit tcp ifc outside any ifc ins

ide_2 host 192.168.1.54 eq 3389 rule-id 268435459 (hitcnt=0) 0xc35dabc5

access-list NGFW_ONBOX_ACL line 64 advanced permit object-group |acSvcg-26843545

9 ifc outside any ifc inside_3 object Desktop rule-id 268435459 (hitcnt=0) 0x287

22fc5

access-list NGFW_ONBOX_ACL line 64 advanced permit tcp ifc outside any ifc ins

ide_3 host 192.168.1.54 eq 3389 rule-id 268435459 (hitcnt=0) 0xe87b9674

access-list NGFW_ONBOX_ACL line 65 advanced permit object-group |acSvcg-26843545

9 ifc outside any ifc inside_4 object Desktop rule-id 268435459 (hitcnt=0) 0x68d

8817b

access-list NGFW_ONBOX_ACL line 65 advanced permit tcp ifc outside any ifc ins

ide_4 host 192.168.1.54 eq 3389 rule-id 268435459 (hitcnt=0) 0xfcde5df2

access-list NGFW_ONBOX_ACL line 66 advanced permit object-group |acSvcg-26843545

9 ifc outside any ifc inside_5 object Desktop rule-id 268435459 (hitcnt=0) 0x36f

66223

access-list NGFW_ONBOX_ACL line 66 advanced permit tcp ifc outside any ifc ins

ide_5 host 192.168.1.54 eq 3389 rule-id 268435459 (hitcnt=0) 0xee417104

access-list NGFW_ONBOX_ACL line 67 advanced permit object-group |acSvcg-26843545

9 ifc outside any ifc inside_6 object Desktop rule-id 268435459 (hitcnt=0) 0xeb0

8fc14

access-list NGFW_ONBOX_ACL line 67 advanced permit tcp ifc outside any ifc ins

ide_6 host 192.168.1.54 eq 3389 rule-id 268435459 (hitcnt=0) 0x0fc5483a

access-list NGFW_ONBOX_ACL line 68 advanced permit object-group |acSvcg-26843545

9 ifc outside any ifc inside_7 object Desktop rule-id 268435459 (hitcnt=0) 0x8bf

cb44e

access-list NGFW_ONBOX_ACL line 68 advanced permit tcp ifc outside any ifc ins

ide_7 host 192.168.1.54 eq 3389 rule-id 268435459 (hitcnt=0) 0x08b60160

access-list NGFW_ONBOX_ACL line 69 advanced permit object-group |acSvcg-26843545

9 ifc outside any ifc inside_8 object Desktop rule-id 268435459 (hitcnt=0) 0xd8e

57e8b

access-list NGFW_ONBOX_ACL line 69 advanced permit tcp ifc outside any ifc ins

ide_8 host 192.168.1.54 eq 3389 rule-id 268435459 (hitcnt=0) 0xcfb5d680

access-list NGFW_ONBOX_ACL line 70 remark rule-id 1: ACCESS POLICY: NGFW_Access_

Policy

access-list NGFW_ONBOX_ACL line 71 remark rule-id 1: L5 RULE: DefaultActionRule

access-list NGFW_ONBOX_ACL line 72 advanced deny ip any any rule-id 1 (hitcnt=41

476) 0x84953cae

>

Rob Ingram · ‎02-07-2020

Go to Objects, then select Security Zones ensure that all of the inside interfaces are a member of the inside_zone.

Run packet-tracer from the CLI to simulate the traffic and post the output for review.