
RDP port 3398 not working over Cisco AnyConnect VPN tunnel

45-Fish-Nets
Level 1

I need help with an RDP issue on Cisco AnyConnect.
I blocked RDP on my Cisco Firepower ACL (rule: block, destination port TCP and UDP 3389, with priority 2 on the list), but I wanted to allow RDP connections from a specific external IP address. I set another rule above the block RDP rule with this config (rule: Allow, source set to the public IP address of the external device, destination and ports set to ALL). When I use Cisco AnyConnect to connect to my network from the specified external IP address, the RDP port is not working. I did a test: I removed the external IP address from the Allow RDP rule and set everything to ALL, and RDP is working. Is this an issue with the public IP address when using Cisco AnyConnect? Should I use the private IP address of the device since I am connecting from a VPN tunnel?

2 Replies

balaji.bandi
Hall of Fame

When you connect from the remote VPN, what IP address are you getting? You need to allow that IP address at a high level.

Again, this is just my assumption, thinking of your VPN IP; we need to know more information, such as what your network environment looks like.

Also check the logs when you are doing RDP to see what is dropping (you can find the IP address there).

 

BB


ACL before or after NAT?
It depends on the FW.
Some apply NAT before the ACL, others apply after NAT.
So in your case, only change the mapped IP with the real IP and try again.
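
Added example, not part of the thread and not Cisco code: a minimal first-match rule evaluator that models the rule order described in the question and shows why the replies ask which source address the firewall actually sees. The addresses (203.0.113.10 as the client's public IP, 10.99.0.25 as its VPN pool address), the rule names and the default action are constructed assumptions; whether the decrypted traffic really arrives with the pool address as source is the repliers' hypothesis and should be confirmed in the connection logs.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "block"
    src: str                       # CIDR; "0.0.0.0/0" stands for ALL
    dports: Optional[frozenset]    # None stands for ALL ports

def evaluate(rules, src_ip, dport, default="block"):
    """First-match evaluation. Returns (action, rule_name, trace)."""
    ip = ipaddress.ip_address(src_ip)
    trace = []
    for r in rules:
        if ip not in ipaddress.ip_network(r.src):
            trace.append((r.name, "source mismatch"))
        elif r.dports is not None and dport not in r.dports:
            trace.append((r.name, "port mismatch"))
        else:
            trace.append((r.name, "match"))
            return r.action, r.name, trace
    return default, "default-action", trace   # default action is an assumption

# Constructed addresses (documentation / private ranges), not from the thread.
PUBLIC_IP = "203.0.113.10"   # client's public address, outside the tunnel
POOL_IP = "10.99.0.25"       # address the client gets from the VPN pool

BLOCK_RDP = Rule("block-rdp", "block", "0.0.0.0/0", frozenset({3389}))
# Rule set as described in the question: allow keyed on the public IP.
AS_POSTED = [Rule("allow-external", "allow", PUBLIC_IP + "/32", None), BLOCK_RDP]
# The poster's test: source changed to ALL.
SRC_ALL = [Rule("allow-external", "allow", "0.0.0.0/0", None), BLOCK_RDP]
# Allow keyed on the VPN-assigned address and limited to RDP.
POOL_SCOPED = [Rule("allow-vpn-client", "allow", POOL_IP + "/32", frozenset({3389})),
               BLOCK_RDP]

if __name__ == "__main__":
    for label, rules in [("as posted", AS_POSTED), ("source ALL", SRC_ALL),
                         ("pool address", POOL_SCOPED)]:
        action, name, trace = evaluate(rules, POOL_IP, 3389)
        print(f"{label:13} -> {action:5} by {name}; trace={trace}")
```

The trace for the rule set as posted shows the allow rule skipped on a source mismatch, which is the same signal the firewall's drop log would give when it lists the source IP of the blocked RDP connection.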