
NAT Statement allowing RDP traffic to specific server (ASA)

mzinz Member Posts: 328
I just created the NAT statement for incoming RDP connections to a server on an ASA and it gave me an error saying there was an overlap. I attempted to RDP and got in, but it took me to the wrong host!

I went and looked at the config, and noticed that there was already a NAT created for RDP connections, which led to a different IP. I'm a little surprised, though, because I thought that my statement was specific enough that it would take me to the right host, even if there were other RDP NAT statements. Maybe the other NAT statement is so broad that "ANY incoming RDP connections will go to x.x.x.x"

Pre-Existing RDP NAT statement:
static (Internal-201,ELI-External) tcp interface 3389 USERS_PC_IP 3389 netmask 255.255.255.255

My new RDP NAT statement:
static (Internal-201,ELI-External) tcp MY_EXTERNAL_IP 3389 SERVER_INTERNAL_IP 3389 netmask 255.255.255.255

Is the first statement just so broad? What exactly does 'interface' mean in the first case? "Any requests coming from the outbound INTERFACE will be redirected to USERS_PC_IP?"
_______LAB________
2x 2950
2x 3550
2x 2650XM
2x 3640
1x 2801
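
Added example, not part of the original post: in the pre-8.3 `static` syntax shown above, the `interface` keyword stands for the IP address of the mapped interface itself (here ELI-External). This Python audit sketch resolves that keyword and reports static PAT entries that claim the same mapped address and port. The function name, the addresses (documentation ranges) and the premise that MY_EXTERNAL_IP equals the interface address are assumptions made for illustration.

```python
import re

# Pre-8.3 ASA static PAT:
# static (real_if,mapped_if) tcp|udp <mapped_ip|interface> <mapped_port> <real_ip> <real_port> ...
STATIC_PAT = re.compile(
    r"^static \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped>\S+) (?P<mport>\S+) (?P<real>\S+) (?P<rport>\S+)"
)


def find_pat_overlaps(config_lines, interface_ips):
    """Return (first_line, later_line) pairs whose mapped side is identical.

    interface_ips maps an interface name to its own IP address so that the
    `interface` keyword can be resolved to the address it stands for.
    (Hypothetical helper, not a Cisco tool.)
    """
    seen = {}  # (mapped_if, proto, mapped_ip, mapped_port) -> first line seen
    overlaps = []
    for raw in config_lines:
        line = raw.strip()
        m = STATIC_PAT.match(line)
        if not m:
            continue
        mapped_ip = m["mapped"]
        if mapped_ip == "interface":
            mapped_ip = interface_ips[m["mapped_if"]]
        key = (m["mapped_if"], m["proto"], mapped_ip, m["mport"])
        if key in seen:
            overlaps.append((seen[key], line))
        else:
            seen[key] = line
    return overlaps


# Constructed sample: 203.0.113.10 is assumed to be the ELI-External address.
SAMPLE_INTERFACE_IPS = {"ELI-External": "203.0.113.10"}
SAMPLE_CONFIG = [
    "static (Internal-201,ELI-External) tcp interface 3389 192.168.201.50 3389 netmask 255.255.255.255",
    "static (Internal-201,ELI-External) tcp 203.0.113.10 3389 192.168.201.20 3389 netmask 255.255.255.255",
    "static (Internal-201,ELI-External) tcp 203.0.113.11 3389 192.168.201.21 3389 netmask 255.255.255.255",
]

if __name__ == "__main__":
    for first, later in find_pat_overlaps(SAMPLE_CONFIG, SAMPLE_INTERFACE_IPS):
        print("overlap on mapped address/port:")
        print("  existing:", first)
        print("  later:   ", later)
```

Running a check like this before exposing RDP through a new translation shows whether an earlier entry already owns that external address and port, which would otherwise send sessions to an unintended internal host.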