Dear Jocamare,

I try to use command as below but it still problem:

access-list outside_acl_in extended permit tcp any host 192.168.7.64 eq 3389

access-group Outside-In in interface outside

object network obj-192.168.30.10

host 192.168.30.10

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network obj-192.168.30.10

nat (inside,outside) static 192.168.7.64

object network obj_any

Note: 192.168.7.64 is wan interface.

Best Regards,

rechard

Problem is you are using the wan interface.

Make it look like this:

access-list outside_acl_in extended permit tcp any host 192.168.7.64 eq 3389

access-group Outside-In in interface outside

object network obj-192.168.30.10

host 192.168.30.10

nat (inside,outside) static 192.168.7.64 service tcp 3389 3389

Dear All support

Thanks you for your help !

I tried to follow your config that you gave me but it not work.

any way currently IOS is asa861-2-smp-k8.bin, i would like to upgarde to asa911-smp-k8.bin.

for upgrade IOS is it the same ASA 5505 or 5510, just type: copy tftp flash , ip address and name of IOS is done?

Best Regards,

Rechard

Can you run this command and share its output?

packet-tracer in outside tcp 4.2.2.2 1234 192.168.7.64 3389

I might not need to point this out, but i will. Remember that the WAN IP [192.168.7.64] is a private address.

Not routable from the internet.

Just wanted to make sure that was clear.

Now, about the upgrade.

Not sure i understand the question about the ASA models, but the process is the same in all devices.

ciscoasa# copy tftp flash

Address or name of remote host []? <server's IP>

Source filename []? <file name>

Destination filename <file name>?

Accessing tftp://198.18.42.125/asa825-k8.bin [example]...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Writing file disk0:/asa825-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!