Beginner

Remote Desktop Connection to ASA 5515x

Hi Guys,


I have an ASA 5515x and it already has an Internet connection since my firewall is not "production". So right now I'm trying to configure a Remote Session just for a test and eventually I was not able to connect from it. I followed the instructions from technotes but the Remote Connection still dropped. Here's my sample configuration on my firewall; btw I also configured a service policy rule and ACL just to make sure I am able to access the server inside my network, but the session also dropped.

Feel free if you guys have any inputs on my concern. Thanks a lot.

nat (inside,outside) source static 1.1.1.1 2.2.2.1

access-list 110 extended permit tcp host 3.3.3.1 host 2.2.2.1 eq 3389

CiscoASA(config)#class-map rdpmss
CiscoASA(config-cmap)#match access-list 110    
CiscoASA(config-cmap)#exit
CiscoASA(config)#tcp-map mss-map
CiscoASA(config-tcp-map)#exceed-mss allow
CiscoASA(config-tcp-map)#exit
CiscoASA(config)#policy-map rdpmss
CiscoASA(config-pmap)#class rdpmss
CiscoASA(config-pmap-c)#set connection advanced-options mss-map
CiscoASA(config-pmap-c)#exit
CiscoASA(config-pmap)#exit
CiscoASA(config)#service-policy rdpmss interface outside


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807d287e.shtml

Accepted Solutions
VIP Mentor

Remote Desktop Connection to ASA 5515x

The service-policy is not needed in this scenario. But your ACL has to use the real address of the internal server:

access-list 110 extended permit tcp host 3.3.3.1 host 1.1.1.1 eq 3389

And is the ACL bound to the outside interface?

access-group 110 in int outside

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
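
The two checks from this answer (the ACL must reference the real address of the translated server, and the ACL must be bound to an interface with access-group), as an added example that is not part of the original post. The function name `lint_asa_config` and the regular expressions are assumptions for illustration and only handle the literal host forms shown in this thread.

```python
import re

# Constructed sample: the NAT and ACL lines as posted in the question.
SAMPLE_CONFIG = """\
nat (inside,outside) source static 1.1.1.1 2.2.2.1
access-list 110 extended permit tcp host 3.3.3.1 host 2.2.2.1 eq 3389
"""

# Hypothetical patterns covering only the line shapes used in this thread.
NAT_RE = re.compile(r"^nat \((\S+),(\S+)\) source static (\S+) (\S+)")
ACE_RE = re.compile(
    r"^access-list (\S+) extended permit (\S+) host (\S+) host (\S+)(?: eq (\S+))?")
GROUP_RE = re.compile(r"^access-group (\S+) in (?:int|interface) (\S+)")


def lint_asa_config(text):
    """Return findings for the two mistakes discussed in the thread."""
    mapped_to_real = {}  # mapped (translated) address -> real address
    aces = []            # (ACL name, destination host)
    bound = set()        # ACL names applied with access-group
    for raw in text.splitlines():
        line = raw.strip()
        if m := NAT_RE.match(line):
            mapped_to_real[m.group(4)] = m.group(3)
        elif m := ACE_RE.match(line):
            aces.append((m.group(1), m.group(4)))
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))

    findings = []
    for acl, dst in aces:
        # The ACL should name the real server address, not the mapped one.
        if dst in mapped_to_real:
            findings.append(
                f"ACL {acl}: destination {dst} is a mapped address; "
                f"use the real address {mapped_to_real[dst]}")
    # An ACL that is never applied to an interface filters nothing.
    for acl in sorted({name for name, _ in aces} - bound):
        findings.append(f"ACL {acl}: not bound to any interface (no access-group)")
    return findings


if __name__ == "__main__":
    for finding in lint_asa_config(SAMPLE_CONFIG):
        print(finding)
```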

Beginner

Remote Desktop Connection to ASA 5515x

Hi Karsten,

Thanks for your response. Yes, I bound this to the outside interface, but Remote Desktop is still unable to connect.

VIP Mentor

Re: Remote Desktop Connection to ASA 5515x

3.3.3.1 is the PC from which you test RDP? 1.1.1.1 is the inside server? And you access the IP 2.2.2.1 from outside? Then show the output of the following command:

packet-tracer input outside tcp 3.3.3.1 1234 2.2.2.1 3389

Beginner

Remote Desktop Connection to ASA 5515x

Hi Karsten,

Yes. Anyway, my apologies to you, I set up another server and I think my 1st server is having some problem with RDP. Right now I'm able to use an RDP session to my new server setup. My bad, so meaning my configuration is correct without using the service policy as well. Thank you so much Karsten, I really appreciate your assistance. Once again my apologies.

Thanks,

Bhal

VIP Mentor

Remote Desktop Connection to ASA 5515x

No problem! Fine when it's working now.
