Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
529
Views
5
Helpful
3
Replies

Configure remote desktop CISCO ASA5506 ver 9.12

Nam Dao
Level 1
Level 1

‎04-30-2021 08:39 PM

Dear team,

This is my topo: My PC --> internet --> ASA --> PC client.

I just want to remote desktop over internet and ASA to PC client. And PC client is not allowed to access any web.

I tried to created some access list, but it is not working. Please support.

Attached file is show running configure in ASA.

Labels:
Preview file
9 KB
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎05-01-2021 01:57 AM

You need to do NAT to come in and allow for RDP 3389 port, i do not see any config in your attached config.

 

follow the below guide step by step :

 

https://www.networkstraining.com/configure-cisco-asa-5505-to-allow-remote-desktop-access-from-internet/

 

Make sure Windows PC always has FW enabled default, so disable and test and allow RDP.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Nam Dao
Level 1
Level 1
In response to balaji.bandi

‎05-01-2021 06:40 AM

ciscoasa# show running-config
: Saved

:
: Serial Number: JAD24350RSP
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.12(1)2
!
hostname ciscoasa
enable password ***** pbkdf2
names
no mac-address auto
ip local pool Client 10.0.0.1-10.0.0.10 mask 255.255.255.0

!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet1/2
description To client 31
bridge-group 1
nameif inside_1
security-level 100
!
interface GigabitEthernet1/3
bridge-group 1
nameif inside_2
security-level 100
!
interface GigabitEthernet1/4
bridge-group 1
nameif inside_3
security-level 100
!
interface GigabitEthernet1/5
bridge-group 1
nameif inside_4
security-level 100
!
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif inside_6
security-level 100
!
interface GigabitEthernet1/8
bridge-group 1
nameif inside_7
security-level 100
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
object network obj_any1
subnet 0.0.0.0 0.0.0.0
object network obj_any2
subnet 0.0.0.0 0.0.0.0
object network obj_any3
subnet 0.0.0.0 0.0.0.0
object network obj_any4
subnet 0.0.0.0 0.0.0.0
object network obj_any5
subnet 0.0.0.0 0.0.0.0
object network obj_any6
subnet 0.0.0.0 0.0.0.0
object network obj_any7
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.0.0.0_28
subnet 10.0.0.0 255.255.255.240
object network RDP_static
host 192.168.1.6
access-list Test extended permit tcp any4 any4 eq 3389
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.6 eq 3389
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside_1 1500
mtu inside_2 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network obj_any2
nat (inside_2,outside) dynamic interface
object network obj_any3
nat (inside_3,outside) dynamic interface
object network obj_any4
nat (inside_4,outside) dynamic interface
object network obj_any5
nat (inside_5,outside) dynamic interface
object network obj_any6
nat (inside_6,outside) dynamic interface
object network obj_any7
nat (inside_7,outside) dynamic interface
object network RDP_static
nat (inside_1,outside) static interface service tcp 3389 3389
!
nat (inside_1,outside) after-auto source dynamic obj_any1 interface
access-group OUTSIDE-IN in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
aaa-server remote protocol http-form
aaa-server remote (outside) host 192.168.100.5
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside_1
http 192.168.1.0 255.255.255.0 inside_2
http 192.168.1.0 255.255.255.0 inside_3
http 192.168.1.0 255.255.255.0 inside_4
http 192.168.1.0 255.255.255.0 inside_5
http 192.168.1.0 255.255.255.0 inside_6
http 192.168.1.0 255.255.255.0 inside_7
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 0509
308205b7 3082039f a0030201 02020205 09300d06 092a8648 86f70d01 01050500
3045310b 30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164
6973204c 696d6974 6564311b 30190603 55040313 1251756f 56616469 7320526f
6f742043 41203230 1e170d30 36313132 34313832 3730305a 170d3331 31313234
31383233 33335a30 45310b30 09060355 04061302 424d3119 30170603 55040a13
1051756f 56616469 73204c69 6d697465 64311b30 19060355 04031312 51756f56
61646973 20526f6f 74204341 20323082 0222300d 06092a86 4886f70d 01010105
00038202 0f003082 020a0282 0201009a 18ca4b94 0d002daf 03298af0 0f81c8ae
4c19851d 089fab29 4485f32f 81ad321e 9046bfa3 86261a1e fe7e1c18 3a5c9c60
172a3a74 8333307d 615411cb edabe0e6 d2a27ef5 6b6f18b7 0a0b2dfd e93eef0a
c6b310e9 dcc24617 f85dfda4 daff9e49 5a9ce633 e62496f7 3fba5b2b 1c7a35c2
d667feab 66508b6d 28602bef d760c3c7 93bc8d36 91f37ff8 db1113c4 9c7776c1
aeb7026a 817aa945 83e205e6 b956c194 378f4871 6322ec17 6507958a 4bdf8fc6
5a0ae5b0 e35f5e6b 11ab0cf9 85eb44e9 f80473f2 e9fe5c98 8cf573af 6bb47ecd
d45c022b 4c39e1b2 95952d42 87d7d5b3 9043b76c 13f1dedd f6c4f889 3fd175f5
92c391d5 8a88d090 ecdc6dde 89c26571 968b0d03 fd9cbf5b 16ac92db eafe797c
adebaff7 16cbdbcd 252be51f fb9a9fe2 51cc3a53 0c48e60e bdc9b476 0652e611
13857263 0304e004 362b2019 02e874a7 1fb6c956 66f07525 dc67c10e 616088b3
3ed1a8fc a3da1db0 d1b12354 df44766d ed41d8c1 b222b653 1cdf351d dca1772a
31e42df5 e5e5dbc8 e0ffe580 d70b63a0 ff33a10f ba2c1515 ea97b3d2 a2b5bef2
8c961e1a 8f1d6ca4 6137b986 7333d797 969e237d 82a44c81 e2a1d1ba 675f9507
a32711ee 16107bbc 454a4cb2 04d2abef d5fd0c51 ce506a08 31f991da 0c8f645c
03c33a8b 203f6e8d 673d3ad6 fe7d5b88 c95efbcc 61dc8b33 77d34432 35096204
921610d8 9e2747fb 3b21e3f8 eb1d5b02 03010001 a381b030 81ad300f 0603551d
130101ff 04053003 0101ff30 0b060355 1d0f0404 03020106 301d0603 551d0e04
1604141a 8462bc48 4c332504 d4eed0f6 03c41946 d1946b30 6e060355 1d230467
30658014 1a8462bc 484c3325 04d4eed0 f603c419 46d1946b a149a447 3045310b
30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164 6973204c
696d6974 6564311b 30190603 55040313 1251756f 56616469 7320526f 6f742043
41203282 02050930 0d06092a 864886f7 0d010105 05000382 0201003e 0a164d9f
065ba8ae 715d2f05 2f67e613 4583c436 f6f3c026 0c0db547 645df8b4 72c946a5
03182755 89787d76 ea963480 1720dce7 83f88dfc 07b8da5f 4d2e67b2 84fdd944
fc775081 e67cb4c9 0d0b7253 f8760707 4147960c fbe08226 93558cfe 221f6065
7c5fe726 b3f73290 9850d437 7155f692 2178f795 79faf82d 26876656 3077a637
78335210 58ae3f61 8ef26ab1 ef187e4a 5963ca8d a256d5a7 2fbc561f cf39c1e2
fb0aa815 2c7d4d7a 63c66c97 443cd26f c34a170a f890d257 a21951a5 2d9741da
074fa950 da908d94 46e13ef0 94fd1000 38f53be8 40e1b46e 561a20cc 6f588ded
2e458fd6 e9933fe7 b12cdf3a d6228cdc 84bb226f d0f8e4c6 39e90488 3cc3baeb
557a6d80 9924f56c 01fbf897 b0945beb fdd26ff1 77680d35 6423acb8 55a103d1
4d4219dc f8755956 a3f9a849 79f8af0e b911a07c b76aed34 d0b62662 381a870c
f8e8fd2e d3907f07 912a1dd6 7e5c8583 99b03808 3fe95ef9 3507e4c9 626e577f
a75095f7 bac89be6 8ea201c5 d666bf79 61f33c1c e1b9825c 5da0c3e9 d848bd19
a2111419 6eb2861b 683e4837 1a88b75d 965e9cc7 ef276208 e291195c d2f121dd
ba174282 97718153 31a99ff6 7d62bf72 e1a3931d cc8a265a 0938d0ce d70d8016
b478a53a 874c8d8a a5d54697 f22c10b9 bc5422c0 01506943 9ef4b2ef 6df8ecda
f1e3b1ef df918f54 2a0b25c1 2619c452 100565d5 8210eac2 31cd2e
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate a2848660
308202d4 308201bc a0030201 020204a2 84866030 0d06092a 864886f7 0d01010b
0500302c 3111300f 06035504 03130863 6973636f 61736131 17301506 092a8648
86f70d01 09021608 63697363 6f617361 301e170d 32313035 30313131 33393231
5a170d33 31303432 39313133 3932315a 302c3111 300f0603 55040313 08636973
636f6173 61311730 1506092a 864886f7 0d010902 16086369 73636f61 73613082
0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100a1
690d61fb 9121b86e 1f4ece4f 0f34c614 7c9aa2e2 92282788 86ca46ed b20136c3
9f91878a 2e0a76d6 6f3fe57d 85bbead6 30d98637 8410f19e 82749a37 fdd2ae1a
32f5b7f1 ac9f545a de090b09 90110db2 1dc4f901 2d6ec99b 87f4d3ba 49de5692
de20ef96 4a8d4081 2ddc43e5 6a216aa7 58fb2f9d f9ae9feb e9cde3de bf45c722
7785f2c4 d281ff56 19c31038 4cb71868 05ba7a4f d73280ed 850dce1c 0e9af261
fb516e9f aa8bb327 b791e5dd 9d7eee9c 2588adf6 d89a92f0 10b8b4b5 bbb8488d
73563be4 866f3176 fa688424 94fa599c 9cce7501 fc8d1bb5 ab4eac36 e9823850
2404912d 79b7f349 4dc3f37c 9d36e3ba e53ba764 576f7c93 6e8dc060 3ab1a302
03010001 300d0609 2a864886 f70d0101 0b050003 82010100 28001548 0172db58
bfb1f531 b55969dd 584c142e f70e6e64 c558e8db 17b6ba07 046d634b 75340f24
fabdccbb 8fd569de f1c30e5d 50e768d4 0af65600 4ec77770 2a6d6029 e101223b
66ab02a9 8ddd0963 d3f816c2 0152a567 47515725 9a2d597c 3aac8b69 8cc4d539
988fb3c6 c977af98 97c72f59 15ae7b40 c24ee915 9cee198a c78fae4b ca9e7df6
ab2d1c02 d9704b52 c0d27462 ebcc6bc1 3cdc6d26 fb468751 6b0b4c1d 5a9b4dc4
2381c05d 337ac663 976f724b 2fbe2636 3dca31ae 8a2b1fc3 971c5e83 e04836bc
7eca098f 30ae454d feaa9bd8 f1d1b652 8fa4e61a d063a6b5 32993794 47c7e19f
935aafb3 e4a90bbb 4037d181 d27bc83e c59adc97 d6857c22
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
console timeout 0

dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
hsts
enable
max-age 31536000
include-sub-domains
no preload
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect profiles Client31_client_profile disk0:/Client31_client_profile.xml
anyconnect profiles Namdao_client_profile disk0:/Namdao_client_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy GroupPolicy_Namdao internal
group-policy GroupPolicy_Namdao attributes
wins-server none
dns-server none
vpn-tunnel-protocol l2tp-ipsec
default-domain none
webvpn
anyconnect profiles value Namdao_client_profile type user
dynamic-access-policy-record DfltAccessPolicy
username admin password ***** pbkdf2
tunnel-group Namdao type remote-access
tunnel-group Namdao general-attributes
address-pool Client
default-group-policy GroupPolicy_Namdao
tunnel-group Namdao webvpn-attributes
group-alias Namdao enable
!
class-map global_policy
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class global_policy
inspect icmp
inspect tftp
!
service-policy global_policy global
prompt hostname context
service call-home
call-home reporting anonymous
call-home
contact-email-addr namdaovan17@gmail.com
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4f19d4bdf97170715381bd13de49fc25
: end
ciscoasa#
0 Helpful

Nam Dao
Level 1
Level 1

‎05-01-2021 06:43 AM

Hi Balaji,

 
I did as your guide, but it is still not working as well. (you can check in the attached text file).
 
My PC(192.168.100.3) --> ASA G1/1 (192.168.100.5) --> ASA G1/2 (192.168.1.1) --> PC client (192.168.1.6).
Please extend your support.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card