03-30-2020 07:46 AM
All,
I have port 3389 blocked on my edge device to the WAN. I have an ASA on the inside that is only used for AnyConnect. Is it possible to be on AnyConnect and RDP to a computer inside my network? Please be detailed in your answer so I can understand why this will not work or how to get it to work.
I am not using split tunneling so all IPs are going over the AnyConnect VPN.
Thanks
Solved!
03-30-2020 09:33 AM
Hi,
Add the command "same-security-traffic permit intra-interface" and test again.
Regards,
Cristian Matei.
03-30-2020 07:55 AM
03-30-2020 09:13 AM
HTH,
I have remote access set up and I can access all other services (HTTP, SSH, ...), just not RDP.
The IP that I am trying to RDP into is XXX.XXX.80.54. It's a public IP, but like I said, I block 3389.
From my home office we have a site-to-site VPN and I can RDP to XXX.XXX.80.54 with no issue, but not on AnyConnect.
This is from the log on my ASA
6 Mar 30 2020 11:31:37 302014 172.21.1.6 51038 XXX.XXX.80.54 3389 Teardown TCP connection 2902403 for Outside:172.21.1.6/51038(LOCAL\jcart) to Outside:XXX.XXX.80.54/3389 duration 0:00:00 bytes 0 Flow is a loopback (XXX)
Thanks,
03-30-2020 09:28 AM
As it's a public IP address and you are tunnelling all AnyConnect VPN traffic through the ASA and back out, you need all traffic to be routed back out the same interface it came in on, with this command:
same-security-traffic permit intra-interface
And a NAT rule (the object must define the AnyConnect pool subnet, /28 here as the object name indicates):
object network NETWORK_OBJ_172.21.1.0_28
 subnet 172.21.1.0 255.255.255.240
 nat (outside,outside) dynamic interface
HTH
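The log line the original poster pasted is the symptom to look for when a full-tunnel AnyConnect client tries to reach a host via the ASA's outside interface and the ASA refuses the u-turn: a TCP teardown (message 302014) whose ingress and egress interface are the same, zero bytes transferred, and the reason "Flow is a loopback". The script below is an added example, not code from the thread or from Cisco; it parses 302014 teardown messages and flags exactly that pattern, while leaving alone both normal Outside-to-Inside flows and hairpinned sessions that actually carried data (which is what you see after "same-security-traffic permit intra-interface" is in place). The sample log lines are constructed to match the format on the page, with 203.0.113.54 standing in for the redacted XXX.XXX.80.54 and a made-up inside host 10.10.0.20.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Body of ASA syslog %ASA-6-302014 (TCP/UDP connection teardown). The field
# layout follows the message quoted in the thread:
#   Teardown TCP connection <id> for <in_ifc>:<src>/<sport>(<user>) to
#   <out_ifc>:<dst>/<dport> duration h:mm:ss bytes <n> <reason>
# Leading ASDM log-viewer columns (severity, timestamp, message id, addresses)
# are skipped by searching for "Teardown" rather than anchoring at the start.
TEARDOWN_RE = re.compile(
    r"Teardown (?P<proto>TCP|UDP) connection (?P<conn>\d+) for "
    r"(?P<in_ifc>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+)(?:\((?P<user>[^)]*)\))? to "
    r"(?P<out_ifc>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.+))?$"
)


@dataclass
class Teardown:
    proto: str
    in_ifc: str
    src: str
    sport: int
    user: Optional[str]
    out_ifc: str
    dst: str
    dport: int
    bytes: int
    reason: str

    @property
    def is_hairpin(self) -> bool:
        """True when the flow would leave on the interface it arrived on (u-turn)."""
        return self.in_ifc.lower() == self.out_ifc.lower()


def parse_teardown(line: str) -> Optional[Teardown]:
    """Parse one 302014 line; returns None for anything that is not a teardown."""
    m = TEARDOWN_RE.search(line)
    if not m:
        return None
    return Teardown(
        proto=m["proto"], in_ifc=m["in_ifc"], src=m["src"], sport=int(m["sport"]),
        user=m["user"], out_ifc=m["out_ifc"], dst=m["dst"], dport=int(m["dport"]),
        bytes=int(m["bytes"]), reason=(m["reason"] or "").strip(),
    )


def denied_hairpins(lines: Iterable[str]) -> List[Teardown]:
    """Teardowns that look like a u-turn the ASA refused to forward:
    same ingress and egress interface, zero bytes, reason 'Flow is a loopback'.
    A hairpin that moved bytes is a working u-turn and is not reported."""
    hits = []
    for line in lines:
        t = parse_teardown(line)
        if t and t.is_hairpin and t.bytes == 0 and "loopback" in t.reason.lower():
            hits.append(t)
    return hits


# Constructed sample log, modelled on the line quoted in the thread.
SAMPLE_LOG = [
    # Denied u-turn: RDP from the AnyConnect pool to a public host via Outside.
    "6 Mar 30 2020 11:31:37 302014 172.21.1.6 51038 203.0.113.54 3389 "
    "Teardown TCP connection 2902403 for Outside:172.21.1.6/51038(LOCAL\\jcart) "
    "to Outside:203.0.113.54/3389 duration 0:00:00 bytes 0 Flow is a loopback",
    # Ordinary VPN-to-inside SSH session: different egress interface, not flagged.
    "6 Mar 30 2020 11:32:01 302014 172.21.1.6 51040 10.10.0.20 22 "
    "Teardown TCP connection 2902410 for Outside:172.21.1.6/51040(LOCAL\\jcart) "
    "to Inside:10.10.0.20/22 duration 0:05:12 bytes 48211 TCP FINs",
    # Same u-turn after intra-interface traffic is permitted: data flowed, not flagged.
    "6 Mar 30 2020 12:05:44 302014 172.21.1.6 51102 203.0.113.54 3389 "
    "Teardown TCP connection 2903001 for Outside:172.21.1.6/51102(LOCAL\\jcart) "
    "to Outside:203.0.113.54/3389 duration 0:12:40 bytes 913400 TCP FINs",
]


def report(lines: Iterable[str]) -> List[str]:
    """One human-readable line per denied hairpin, for a quick triage printout."""
    return [
        f"{t.user or '?'} {t.src}:{t.sport} -> {t.dst}:{t.dport}/{t.proto} "
        f"u-turned on '{t.in_ifc}' and was torn down with 0 bytes ({t.reason}); "
        f"check 'same-security-traffic permit intra-interface' and the (outside,outside) NAT"
        for t in denied_hairpins(lines)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Feed it the ASDM log viewer export or a syslog file instead of SAMPLE_LOG. Once the command is added, confirm with "show running-config same-security-traffic" and "show nat", and remember what the fix does: with intra-interface traffic permitted and an (outside,outside) dynamic NAT, the ASA will forward any VPN client to any host reachable from its outside interface, so keep the NAT object scoped to the AnyConnect pool and treat that path in your outbound ACLs the same as any other Internet-bound traffic.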
04-01-2020 11:55 AM
It worked without adding the NAT rule. Thanks for your help!