12-19-2007 11:14 PM - edited 03-12-2019 05:52 PM
I want to remote desktop to a host behind ASA Firewall through Internet. My ASA Firewall connect to an Draytek Vigor Load Balancer. Please guide me how to config ASA Firewall for this.
Thanks & Best Regards
Solved! Go to Solution.
12-20-2007 05:05 AM
There are coulple of ways of doing it, you could use spare public IP and assign it to your local server in the firewall to create a static nat.
e.g
Assume server IP: 192.168.1.1
Public IP: 30.30.30.1
static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255
access-list out_access_in permit tcp any host 30.30.30.1 eq 3389
access-group out_access_in in interface outside
If do do not count with spared public IPs you could use outside interface to accomplish this as well.
e.g
Assume ASA outside interface IP is 30.30.30.1
static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255
access-list out_access_in permit tcp any host 30.30.30.1 eq 3389
access-group out_access_in in interface outside
Rgds
Jorge
12-25-2007 09:16 AM
Sang, glad it worked out.. could you rate post as resolved.
good luck and happy X-mas
Rgds
Jorge
12-20-2007 05:05 AM
There are coulple of ways of doing it, you could use spare public IP and assign it to your local server in the firewall to create a static nat.
e.g
Assume server IP: 192.168.1.1
Public IP: 30.30.30.1
static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255
access-list out_access_in permit tcp any host 30.30.30.1 eq 3389
access-group out_access_in in interface outside
If do do not count with spared public IPs you could use outside interface to accomplish this as well.
e.g
Assume ASA outside interface IP is 30.30.30.1
static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255
access-list out_access_in permit tcp any host 30.30.30.1 eq 3389
access-group out_access_in in interface outside
Rgds
Jorge
12-22-2007 12:26 AM
Thanks for your solution!
But my problem is having no public IP. And my Draytek Vigor Load Balancer NAT all traffic incoming.
12-25-2007 01:42 AM
@ Jorge: I've try with your solution and it's sucessful
Deeply thanks and Best Regards
12-25-2007 09:16 AM
Sang, glad it worked out.. could you rate post as resolved.
good luck and happy X-mas
Rgds
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide