Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
183
Views
0
Helpful
1
Replies

RDP to ASA behind edge router

ddrougeau
Level 1
Level 1

‎06-15-2015 07:01 AM - edited ‎03-11-2019 11:07 PM

Seeking wisdom for a solution on something that should be relatively easy, but is proving elusive.  My home network is setup like this...multiple internal Vlans (all sec-level 100) --->ASA 5505--->Edge Router--->ISP.  The ASA is doing PAT for all internal networks, and the edge router is doing PAT for the ASA.  All internal networks have internet access and all seems to be well going that direction.

 

What I'm getting stuck on is trying to setup static NAT for RDP coming in.  I know it's probably not a good idea, but this is just a lab environment.

10.1.x.x = outside interface of ASA

10.1.y.y = inside host that I want to RDP to (object name CISCO_WIN7)

Edge router is doing a static translation to the outside interface of the ASA 10.1.x.x

Here's the ASA config:

ACL for RDP to reach inside host 10.1.y.y

Static NAT on ASA.  CISCO_WIN7 is the object for the inside host.

Packet Tracer shows green...but still can't get through

 

Can anyone shed some light on what I'm doing wrong.  Spent a week on this and the frustration level is high to say the least :(

 

 

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎06-16-2015 06:56 AM

Hi,

The sequence of NAT statement is incorrect.

Get the static NAT to the top and if possible move the dynamic nat at the bottom.

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card