Here are the relevant parts of my config:

interface Vlan1

nameif inside

security-level 100

ip address 172.18.67.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 71.x.x.x 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 2

!

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list NAT extended permit ip 172.18.67.0 255.255.255.0 10.11.0.0 255.255.0.0

access-list NAT extended permit ip 172.18.67.0 255.255.255.0 10.41.0.0 255.255.0.0

access-list Port_Forwarding-ACL extended permit tcp any host 172.18.67.2 eq 3389

!

global (outside) 1 interface

nat (inside) 0 access-list NAT

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp interface 3389 172.18.67.2 3389 netmask 255.255.255.255

access-group Port_Forwarding-ACL in interface outside

route outside 0.0.0.0 0.0.0.0 71.169.11.1 1

Here is a packet tracer output:

eas-ny-pinn# packet-tracer input outside tcp 1.1.1.1 3389 172.18.67.2 3389

Phase: 1

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 2

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in   172.18.67.0     255.255.255.0   inside

Phase: 3

Type: ACCESS-LIST

Subtype: log

Result: ALLOW

Config:

access-group Port_Forwarding-ACL in interface outside

access-list Port_Forwarding-ACL extended permit tcp any host 172.18.67.2 eq 3389

Additional Information:

Phase: 4

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 5

Type: HOST-LIMIT

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 6

Type: NAT

Subtype: rpf-check

Result: DROP

Config:

static (inside,outside) tcp interface 3389 172.18.67.2 3389 netmask 255.255.255.255

  match tcp inside host 172.18.67.2 eq 3389 outside any

    static translation to 71.169.11.10/3389

    translate_hits = 0, untranslate_hits = 6

Additional Information:

Result:

input-interface: outside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

Why is this failing?