
Static NAT to allow RDP through my firewall

wvdarlington
Level 1

Please let me preface this by saying I have not worked deep in networking in years and do not know much about firewalls in general. So please do not assume facts not in evidence.

I have a Cisco ASA 5505 running ASA Ver 8.4 and ASDM Ver 6.4.  Firewall mode is set to Routed.

My goal is very simple. I want to allow RDP from the internet to a management server I have set up in my internal network. I know RDP is TCP port 3389. My internal network is a 176.128.1.x network. My external network is on a 42.199.102.2-6 range. The end-client that is initiating the RDP session could be coming in from any IP address on the internet.

I've looked through the GUI to try and determine how to configure this, but for the life of me I can't figure this out. I am looking under Configuration > NAT Rules > +Add. This is the screen I get to; I just have no idea what data goes in what fields.



Any and all constructive assistance is appreciated.

Matt

Accepted Solutions

Jennifer Halim
Cisco Employee

Here is the CLI configuration:

Assuming that the server is 176.128.1.100, and you would like to NAT it to 42.199.102.5:

object network obj-176.128.1.100
   host 176.128.1.100
   nat (inside,outside) static 42.199.102.5

Then you would need to add access-list on the outside interface to allow the RDP access. If you already have an existing ACL on the outside, just add to the existing ACL as follows:

access-list <outside-acl-name> permit tcp any object obj-176.128.1.100 eq 3389

If you are sharing the public ip address with other services and servers, then here is the config:

object network obj-176.128.1.100
   host 176.128.1.100
   nat (inside,outside) static 42.199.102.5 service tcp 3389 3389

Hope that helps.

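An added example, not part of the original thread: a small Python audit that reads ASA 8.3+ style configuration text and reports every statically NATed server whose RDP port an inbound interface ACL permits from any source, which is the exposure the configuration above creates. The ACL name OUTSIDE_IN, the access-group line, the second server and the 198.51.100.10 source are assumptions made for the sample input.

```python
import re

RDP_PORT = "3389"
# Constructed sample: OUTSIDE_IN, access-group, .101 and 198.51.100.10 are assumed.
SAMPLE_CONFIG = """\
object network obj-176.128.1.100
 host 176.128.1.100
 nat (inside,outside) static 42.199.102.5 service tcp 3389 3389
object network obj-176.128.1.101
 host 176.128.1.101
 nat (inside,outside) static 42.199.102.6
access-list OUTSIDE_IN extended permit tcp any object obj-176.128.1.100 eq 3389
access-list OUTSIDE_IN extended permit tcp host 198.51.100.10 object obj-176.128.1.101 eq 3389
access-group OUTSIDE_IN in interface outside
"""

def parse_static_nat(config):
    """Return {object: {"host": real_ip, "nat": (mapped_ip, real_port)}}."""
    objects, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)", line):
            current = objects.setdefault(m.group(1), {"host": None, "nat": None})
        elif current is not None and (m := re.match(r"\s+host\s+(\S+)", line)):
            current["host"] = m.group(1)
        elif current is not None and (m := re.match(
                r"\s+nat \(\S+,\S+\) static (\S+)(?: service tcp (\S+) \S+)?", line)):
            current["nat"] = (m.group(1), m.group(2))  # real_port None = whole host
        elif line and not line[0].isspace():
            current = None  # left the object's sub-configuration
    return {name: o for name, o in objects.items() if o["nat"]}

def open_rdp_exposures(config):
    """List (acl, object, real_ip, mapped_ip) where any source may reach RDP."""
    nat = parse_static_nat(config)
    # Only ACLs applied inbound on an interface are considered.
    bound = set(re.findall(r"^access-group (\S+) in interface \S+", config, re.M))
    findings = []
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) (?:extended )?permit tcp (.+?) "
                     r"object (\S+) eq (\S+)\s*$", line)
        if not m or m.group(1) not in bound:
            continue
        acl, src, obj, port = m.groups()
        if src in ("any", "any4") and port == RDP_PORT and obj in nat:
            mapped_ip, real_port = nat[obj]["nat"]
            if real_port in (None, RDP_PORT):  # whole-host NAT or 3389 forwarded
                findings.append((acl, obj, nat[obj]["host"], mapped_ip))
    return findings
```

Calling `open_rdp_exposures(SAMPLE_CONFIG)` flags only the first server; the second is skipped because its ACL entry names a single source host.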