RDP connection thru 5510 firewall
  • RDP connection thru 5510 firewall

    I have recently bought a new ASA 5510 firewall for my company. I have connected my e0/0 to the router and e0/1 to the internal switch.
    Firewall outside interface 183.96.153.114
    Firewall inside interface 172.16.1.1
    Mail server IP 172.16.1.10

    I am just trying to open the RDP, SMTP, IMAP, POP3, etc. ports from the internet but couldn't do it. Please check my show run configuration below and help me pinpoint the problem.


    Building configuration...
    Cryptochecksum: 6ff6b885 cda48802 e9aec64f e02339c8
    2460 bytes copied in 3.660 secs (820 bytes/sec)
    [OK]
    ciscoasa5510(config)# show run
    : Saved
    :
    ASA Version 7.0(7)
    !
    hostname ciscoasa5510
    domain-name aes.local
    enable password 7I29zka34d3K7I encrypted
    names
    dns-guard
    !
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address 183.96.153.114 255.255.255.240
    !
    interface Ethernet0/1
     nameif inside
     security-level 100
     ip address 172.16.1.1 255.255.0.0
    !
    interface Ethernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
     management-only
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    access-list 110 extended permit tcp any host 183.96.153.114 eq 3389
    access-list 110 extended permit tcp any host 183.96.153.114 eq pop3
    access-list 110 extended permit tcp any host 183.96.153.114 eq imap4
    access-list 110 extended permit tcp any host 183.96.153.114 eq www
    access-list 110 extended permit tcp any host 183.96.153.114 eq https
    access-list 110 extended permit tcp any host 183.96.153.114 eq smtp
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) 183.96.153.114 172.16.1.10 netmask 255.255.255.255
    access-group 110 in interface outside
    route outside 0.0.0.0 0.0.0.0 183.96.153.113 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd lease 3600
    dhcpd ping_timeout 50
    dhcpd enable management
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map global_policy
     class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp

  • #2
    Re: RDP connection thru 5510 firewall

    Hi,

    You have set a static matching all ports for the same IP address as the external one on the firewall. You seem to have 14 usable IP addresses and your config is fine regarding ACLs etc., therefore I would suggest changing the firewall's external IP to 115 (113 is your router).

    Assuming it isn't the case already, I would also change your public IP and remove other personally identifiable material from your post for security reasons.

    Relevant lines in your config are:

    Code:
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address x.x.153.114 255.255.255.240

    access-list 110 extended permit tcp any host x.x.153.114 eq 3389
    access-list 110 extended permit tcp any host x.x.153.114 eq pop3
    access-list 110 extended permit tcp any host x.x.153.114 eq imap4
    access-list 110 extended permit tcp any host x.x.153.114 eq www
    access-list 110 extended permit tcp any host x.x.153.114 eq https
    access-list 110 extended permit tcp any host x.x.153.114 eq smtp

    access-group 110 in interface outside

    static (inside,outside) x.x.153.114 172.16.1.10 netmask 255.255.255.255
    cheers
    Andy
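As an added example (not Andy's code and not from the thread), a small Python lint that reads an ASA 7.x-style running config and flags the conflict identified above: a static whose mapped address is the address of the very interface it maps onto. The sample config and its addresses (RFC 5737 documentation ranges) are constructed to mirror the thread's layout, and the extra `acl_hosts_without_static` check, which lists outside-ACL destination hosts no static covers, is my own addition rather than something the thread discusses.

```python
import re
# Constructed sample mirroring the thread (documentation addresses, not the poster's):
# the static maps the mail server onto the address the outside interface itself carries.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.114 255.255.255.240
interface Ethernet0/1
 nameif inside
 ip address 172.16.1.1 255.255.0.0
access-list 110 extended permit tcp any host 203.0.113.114 eq 3389
access-list 110 extended permit tcp any host 203.0.113.116 eq www
static (inside,outside) 203.0.113.114 172.16.1.10 netmask 255.255.255.255
access-group 110 in interface outside
"""
# Andy's fix from the thread: move the interface itself to the next free address.
FIXED_CONFIG = SAMPLE_CONFIG.replace("ip address 203.0.113.114", "ip address 203.0.113.115")

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
NAMEIF_RE = re.compile(r"^\s*nameif\s+(\S+)")
IPADDR_RE = re.compile(r"^\s*ip address\s+" + IP)
STATIC_RE = re.compile(r"^\s*static\s+\((\S+),(\S+)\)\s+" + IP + r"\s+" + IP)
ACL_HOST_RE = re.compile(r"^\s*access-list\s+\S+\s+extended\s+permit\s+\S+\s+\S+\s+host\s+" + IP)

def parse_interfaces(config):
    """Map nameif -> interface address (works whether or not the paste kept its indentation)."""
    addrs, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None                                  # new block: wait for its nameif
        elif NAMEIF_RE.match(line):
            name = NAMEIF_RE.match(line).group(1)
        elif name and IPADDR_RE.match(line):
            addrs[name] = IPADDR_RE.match(line).group(1)
    return addrs

def find_conflicts(config):
    """Statics whose mapped (global) address equals the address of the interface they map onto."""
    addrs = parse_interfaces(config)
    hits = []
    for m in map(STATIC_RE.match, config.splitlines()):
        if m and addrs.get(m.group(2)) == m.group(3):   # mapped IP == that interface's own IP
            hits.append((m.group(3), m.group(4), m.group(2)))  # (mapped, real, interface)
    return hits

def acl_hosts_without_static(config):
    """Outside-ACL destination hosts that no static maps to an inside server (extra check)."""
    mapped = {m.group(3) for m in map(STATIC_RE.match, config.splitlines()) if m}
    hosts = {m.group(1) for m in map(ACL_HOST_RE.match, config.splitlines()) if m}
    return sorted(hosts - mapped)
```

Run `find_conflicts` over a config before pushing it: the sample yields one hit, and the same config with the outside interface moved to .115 yields none.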
