head scratcher...ASA question
Hi guys... 5am... was bored so I decided to work on my ASA and get it configured. After the initial config I added a simple ACL to allow RDP along with static NAT. For the love of me... I can't figure out why I am not able to RDP to the machine.
Can someone enlighten me on what I might be missing, along with some troubleshooting steps?
sh xlate shows
xx.xx.xx.xx (3389) 172.16.100.2 (3389)
...
..
....
config is as follows:
ASA Version 7.2(2)
!
hostname asa-01
domain-name tyy.com
names
name 172.16.100.2 walle
!
interface Vlan1
nameif inside
security-level 100
ip address 172.16.100.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address xx.xx.xx.245 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
ftp mode passive
dns server-group DefaultDNS
domain-name tty.com
same-security-traffic permit intra-interface
access-list outside_access_in extended permit tcp any eq 3389 host walle eq 3389
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 3389 walle 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 cc.cc.cc.cc 1
Comments
-
/usr: How Some Companies Do Support.: Configure RDP Port Forwarding on a Cisco ASA 5505
Basically, you need a NAT entry to translate the traffic, then you need to allow the traffic to be passed via your security policy.
-
qp81: Did you happen to bother to look at the config I had posted... because it's pretty much the same as the site you had linked to...
-
qp81: from:
access-list outside_access_in extended permit tcp any eq 3389 host walle eq 3389
to:
access-list outside_access_in extended permit tcp any host walle eq 3389
Now I have another issue which concerns FTP... I've posted on the CCSP forum.
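To show why the first ACE never matched a normal client, here is an added example (not from the thread or from Cisco) that parses the two ACEs above with a small matcher for the extended-ACE grammar used in this config and tests them against a constructed outside client connecting from an ephemeral source port; the client address and port, and the names table, are assumptions.

```python
import re

# Constructed 'names' table; 'walle' is the host name from the posted config.
NAMES = {"walle": "172.16.100.2"}

# The ACE as originally posted and as corrected in the follow-up post.
ACE_BROKEN = "access-list outside_access_in extended permit tcp any eq 3389 host walle eq 3389"
ACE_FIXED = "access-list outside_access_in extended permit tcp any host walle eq 3389"

# Subset of the 'extended' ACE grammar used in this thread: an optional 'eq PORT'
# may follow the source, and another may follow the destination. The first
# 'eq 3389' in ACE_BROKEN therefore binds to the SOURCE port.
ACE_RE = re.compile(
    r"access-list \S+ extended (?P<action>permit|deny) tcp "
    r"(?P<src>any|host \S+)(?: eq (?P<sport>\d+))? "
    r"(?P<dst>any|host \S+)(?: eq (?P<dport>\d+))?\s*$"
)

def _addr(token):
    """'any' -> None (wildcard); 'host X' -> X resolved through the names table."""
    if token == "any":
        return None
    host = token.split()[1]
    return NAMES.get(host, host)

def parse_ace(line):
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACE syntax: {line!r}")
    g = m.groupdict()
    return {
        "action": g["action"],
        "src": _addr(g["src"]), "sport": int(g["sport"]) if g["sport"] else None,
        "dst": _addr(g["dst"]), "dport": int(g["dport"]) if g["dport"] else None,
    }

def ace_matches(ace, src_ip, src_port, dst_ip, dst_port):
    """True when every ACE field is a wildcard or equals the flow's field."""
    return (ace["src"] in (None, src_ip) and ace["sport"] in (None, src_port)
            and ace["dst"] in (None, dst_ip) and ace["dport"] in (None, dst_port))

def rdp_permitted(ace_line, client_ip="198.51.100.7", client_port=51234):
    """Would one RDP attempt from an outside client match this ACE?
    Defaults are a constructed documentation-range client on an ephemeral port."""
    ace = parse_ace(ace_line)
    return ace["action"] == "permit" and ace_matches(
        ace, client_ip, client_port, NAMES["walle"], 3389)

if __name__ == "__main__":
    for label, ace in (("as posted", ACE_BROKEN), ("corrected", ACE_FIXED)):
        print(f"{label}: {'permit' if rdp_permitted(ace) else 'no match -> implicit deny'}")
```

Only a client that happens to use source port 3389 matches the posted ACE; every real RDP client picks an ephemeral source port and falls through to the implicit deny.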