12-05-2014 05:27 AM - edited 03-11-2019 10:11 PM
Hello!
What is wrong with the code below? I just want to access two RDP servers with the same public IP. I tried to use the port (33890) to differentiate them, but it did not work =/
nat (outside,inside) source static any any destination static interface RDP_Server1 service TCP_3389 TCP_3389
nat (outside,inside) source static any any destination static interface RDP_Server2 service TCP_33890 TCP_3389
object network RDP_Server1
 host 192.168.2.16
object network RDP_Server2
 host 192.168.2.17
object service TCP_3389
 service tcp destination eq 3389
object service TCP_33890
 service tcp destination eq 33890
ASA code is 9.2(2)8
12-05-2014 05:29 AM
An addition.
The second line did not work. The first works fine ;)
12-05-2014 06:42 AM
Hi,
Can you try packet traces for both of them:
packet input outside tcp 4.2.2.2 3456 <outside interface ip> 3389 det
packet input outside tcp 4.2.2.2 3456 <outside interface ip> 33890 det
Thanks and Regards,
Vibhor Amrodia
12-05-2014 07:03 AM
You are configuring it in a quite unusual way. First try it the common way:
object network RDP_Server1
 host 192.168.2.16
 nat (inside,outside) static interface service tcp 3389 3389
object network RDP_Server2
 host 192.168.2.17
 nat (inside,outside) static interface service tcp 3389 33890
And remember that you have to use the real IP/ports in the ACL on the outside interface:
access-list OUTSIDE-IN permit tcp any host 192.168.2.16 eq 3389
access-list OUTSIDE-IN permit tcp any host 192.168.2.17 eq 3389
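An added example, not part of any post in this thread: a small Python check that reads the object NAT and ACL lines suggested in the reply above and confirms each port forward is permitted on the real IP and real port rather than the mapped port. The function names `parse` and `check` are hypothetical, the sample config is constructed from the thread, and the regexes assume only the exact command forms shown here.

```python
import re

# Constructed sample: the object NAT and ACL lines from the reply above.
SAMPLE_CONFIG = """\
object network RDP_Server1
 host 192.168.2.16
 nat (inside,outside) static interface service tcp 3389 3389
object network RDP_Server2
 host 192.168.2.17
 nat (inside,outside) static interface service tcp 3389 33890
access-list OUTSIDE-IN permit tcp any host 192.168.2.16 eq 3389
access-list OUTSIDE-IN permit tcp any host 192.168.2.17 eq 3389
"""

# Only the exact command forms used in this thread are recognised.
NAT_RE = re.compile(r"^\s+nat \(\w+,\w+\) static interface service (tcp|udp) (\d+) (\d+)\s*$")
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\d+)\s*$")

def parse(config):
    """Collect object hosts, static PAT rules and ACL permits from config text."""
    hosts, nats, permits, name = {}, [], set(), None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command closes any object block
            name = line.split()[2] if line.startswith("object network ") else None
            if m := ACL_RE.match(line):
                permits.add((m[1], m[2], m[3], int(m[4])))
        elif name and line.split()[:1] == ["host"]:
            hosts[name] = line.split()[1]
        elif name and (m := NAT_RE.match(line)):
            # Object NAT order is: service <proto> <real port> <mapped port>
            nats.append((name, m[1], int(m[2]), int(m[3])))
    return hosts, nats, permits

def check(config, acl="OUTSIDE-IN"):
    """Return (object, problem) pairs for forwards the ACL does not permit."""
    hosts, nats, permits = parse(config)
    findings = []
    for name, proto, real_port, mapped_port in nats:
        ip = hosts.get(name)
        if ip is None:
            findings.append((name, "object has no host"))
        elif (acl, proto, ip, real_port) in permits:
            continue
        elif (acl, proto, ip, mapped_port) in permits:
            findings.append((name, "ACL permits the mapped port, not the real port"))
        else:
            findings.append((name, "no ACL permit for the real IP and port"))
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_CONFIG) or "every forward is permitted on its real IP/port")
```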