No announcement yet.

RDP from Inside to DMZ - ASA5510

  • Filter
  • Time
  • Show
Clear All
new posts

  • RDP from Inside to DMZ - ASA5510

    I have a webserver sitting on the DMZ at, and I'd like to access it via RDP from I have a NAT Exempt rule on Trust specifying the source as, destination, as well as an ACL to allow return traffic from the webserver back to trust on port 3389. I get the following error:

    No translation group found for tcp src Trust: dst DMZ1:WEBSERVER/3389

    I don't understand what I am missing? Why am I getting an error related to translation when I have specified NAT Exempt (unless the translation the error is referring to is PAT)? If it is PAT, how do I enable this translation without having to specify that my webserver is a static port forwarding (i.e. I would like to avoid forwarding 3389 to ONLY the webserver so that I have to use other ports on other machines for RDP). My NAT Exempt rule uses Supernetting, but I am using for my source network, and perhaps the ASA doesn't like that? By RFC standards, the 192.168.x.x subnet is /24 - is the ASA smart enough to know that, or should my /16 work?

    Last edited by spickles; 30th December 2008, 16:09. Reason: additional information added
    Scott Pickles
    Systems Engineer
    VPN Systems, Inc.
    www. vpnsystems. com

  • #2
    Re: RDP from Inside to DMZ - ASA5510

    Hi spickles,

    I am not sure if have figured this out yet but if you still need help I am more than willing to have a stab at it. If you respond and are still having problems with this would it be possible to get a partial of your config file?