
Allowing Remote Desktop Connection Through ASA 5505 from inside to DMZ


  • Allowing Remote Desktop Connection Through ASA 5505 from inside to DMZ

    Hello everyone,

    I'm trying to allow Remote Desktop Connection from my inside network to the DMZ where my bastion hosts are, through the ASA 5505 firewall.

    At first I thought that, since the ASA firewall works its way from high security to low security, I should not have a problem allowing Remote Desktop connections from the hosts inside my internal network (security level 100) to my DMZ network (security level 20).

    I have the following:

    interface Vlan2
     nameif inside
     security-level 100
     ip address

    interface Ethernet0/2
     switchport access vlan 2
     no shut

    interface Vlan3
     nameif dmz3
     security-level 20
     ip address

    interface Ethernet0/3
     switchport access vlan 3
     no shut

    I simply want to reach my bastion hosts sitting in dmz3 from my PCs sitting in my inside internal network through the ASA 5505.

    Since I'm going from high to low, shouldn't my ASA firewall allow me to do so without creating any access-list with a static path?

    And if I have to create an access-list with a static path to allow port 3389 traffic for RDP, could you please guide me through the proper syntax for doing so?

    I have been looking on the Internet for all kinds of syntax; most of them allow from outside to inside, from low-sec to high-sec, but none worked with my basic configuration. I even tried allowing RDP access from dmz3 to inside, just to test the syntax I read about and see if it would work, but no luck. I can get to the Internet from both VLAN interfaces but can't reach either zone through RDP.

    Thanks in advance.

  • #2
    Re: Allowing Remote Desktop Connection Through ASA 5505 from inside to DMZ

    Hey everyone,

    Sorry, my problem was not in the RDP traffic. My ASA dropped my packets from the inside to dmz1 because there was no NAT configured and no global pool created.

    These were the lines that made the connection happen properly:

    nat (inside) 2 norandomseq
    global (dmz1) 2 interface

    Once I put in these two commands, things worked fine and I am now able to RDP from my inside to my dmz1.

    Thanks all
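A fuller version of the fix from post #2, as an added example rather than the poster's own configuration. It assumes pre-8.3 ASA NAT syntax, an existing nat (inside) 1 / global (outside) 1 pair for Internet access, the names dmz1 and INSIDE_IN, and made-up addresses 192.168.1.0/24 (inside), 10.0.0.0/24 (dmz1) and 10.0.0.5 (bastion host).

```cisco
! Added example (assumed addressing, not the poster's config).
! Applies to ASA 7.x-8.2 NAT syntax; 8.3+ uses object NAT instead.
interface Vlan2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan3
 nameif dmz1
 security-level 20
 ip address 10.0.0.1 255.255.255.0
!
! Assumed pre-existing Internet NAT. Once a nat (inside) rule matches the
! inside hosts (or nat-control is enabled), the ASA needs a matching global
! on EVERY egress interface, so inside->dmz1 is dropped with
! "no translation group found" even though it flows high->low.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! Option A: PAT inside hosts to the dmz1 interface address (the post #2 fix).
nat (inside) 2 192.168.1.0 255.255.255.0
global (dmz1) 2 interface
!
! Option B (use instead of A): identity NAT, so the bastion's logs record
! the real inside source address rather than the firewall's dmz1 address.
! static (inside,dmz1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
!
! Least privilege: allow only RDP to the bastion from inside. An inbound ACL
! on "inside" replaces the implicit high->low permit, so Internet-bound
! traffic must be permitted explicitly and the rest of the DMZ denied.
access-list INSIDE_IN extended permit tcp 192.168.1.0 255.255.255.0 host 10.0.0.5 eq 3389
access-list INSIDE_IN extended deny ip any 10.0.0.0 255.255.255.0
access-list INSIDE_IN extended permit ip 192.168.1.0 255.255.255.0 any
access-group INSIDE_IN in interface inside
!
! Verify the translation and ACL decision without touching a client:
! packet-tracer input inside tcp 192.168.1.10 12345 10.0.0.5 3389
! show xlate
```

packet-tracer reports the phase (NAT, ACCESS-LIST) that drops a simulated packet, which is the quickest way to distinguish a missing translation from a missing ACL entry.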