ASA5510 RDP issues
  • ASA5510 RDP issues

    Hi there,

    I am hoping someone can help me here!

    I have an ASA5510 (v8.2) and I am trying to NAT RDP so that when you RDP to our public IP it connects you to the server inside the network.

    Here is my config.

    ===========================================
    ASA Version 8.2(1)
    !
    hostname CISCO-ASA5510
    domain-name test.org.uk
    enable password m7TYfUPUfR/2yAtc encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface Ethernet0/0
    nameif inside
    security-level 100
    ip address 10.0.0.252 255.255.255.0
    !
    interface Ethernet0/1
    nameif outside
    security-level 0
    ip address 66.66.66.114 255.255.255.240
    !
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Management0/0
    nameif management
    security-level 100
    ip address 10.1.0.254 255.255.255.0
    management-only
    !
    ftp mode passive
    clock timezone GMT/BST 0
    clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
    dns server-group DefaultDNS
    domain-name test.org.uk
    same-security-traffic permit intra-interface
    object-group service RDP tcp
    description MS RDP
    port-object eq 3389
    access-list outside_access_in extended permit tcp 10.0.0.0 255.255.255.0 66.66.66.112 255.255.255.240
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (inside) 101 interface
    global (outside) 101 interface
    nat (inside) 101 0.0.0.0 0.0.0.0
    nat (outside) 101 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface 3389 10.0.0.4 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 66.66.66.113 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.0.0.0 255.255.255.0 management
    http 10.1.0.0 255.255.255.0 management
    http redirect management 80
    snmp-server host management 10.1.0.1 community public udp-port 161
    no snmp-server location
    no snmp-server contact
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:0746a79e181b74e4bda1ffd7a190b064
    : end

    ===========================================

    I am really unsure of what I am doing wrong, but it just does not want to work.

    Any help would be very much appreciated.

    Thanks!

    Rich

  • #2
    Re: ASA5510 RDP issues

    Don't you need an access rule for it on the outside interface like

    access-list outside_access_in extended permit tcp any host 66.66.66.114 eq 3389

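The check reply #2 is pointing at, as an added example that is not part of the original thread: a small Python audit that reads an ASA 8.2-style config, finds each static PAT, and tests whether the ACL bound inbound on the mapped interface permits an outside client to reach the mapped address and port (on 8.2 the interface ACL matches the mapped address). Assumptions: the function names are hypothetical, the client address 198.51.100.10 is a constructed documentation address, and only literal `any` / `host A` / `A MASK` address specs and numeric `eq` ports are handled (no object-groups or named ports).

```python
import ipaddress
# Excerpt of the config posted in this thread (only the lines the check reads).
POSTED = """\
interface Ethernet0/1
 nameif outside
 ip address 66.66.66.114 255.255.255.240
access-list outside_access_in extended permit tcp 10.0.0.0 255.255.255.0 66.66.66.112 255.255.255.240
static (inside,outside) tcp interface 3389 10.0.0.4 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""
SUGGESTED = "access-list outside_access_in extended permit tcp any host 66.66.66.114 eq 3389\n"

def parse_addr(tok):  # any | host A | A MASK -> (network, remaining tokens)
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def permits(rows, acl, client, dst_ip, port):
    """First-match walk of `acl` for TCP client -> dst_ip:port; implicit deny at the end."""
    for t in rows:
        if t[:3] != ["access-list", acl, "extended"] or t[4] not in ("tcp", "ip"):
            continue
        src, rest = parse_addr(t[5:])
        dst, rest = parse_addr(rest)
        port_ok = not rest or rest[:2] == ["eq", str(port)]
        if ipaddress.ip_address(client) in src and ipaddress.ip_address(dst_ip) in dst and port_ok:
            return t[3] == "permit"
    return False

def unreachable_static_pats(config, client="198.51.100.10"):
    """Return [(mapped_ip, port)] for static PATs that no inbound ACE opens to `client`."""
    rows = [line.split() for line in config.splitlines() if line.split()]
    if_ip, acl_on, nameif, missing = {}, {}, None, []
    for t in rows:
        if t[0] == "nameif":
            nameif = t[1]
        elif t[:2] == ["ip", "address"] and nameif:
            if_ip[nameif], nameif = t[2], None
        elif t[0] == "access-group" and t[2] == "in":
            acl_on[t[4]] = t[1]          # access-group NAME in interface IFNAME
    for t in rows:
        if t[0] == "static" and t[2] == "tcp":
            mapped_if = t[1].strip("()").split(",")[1]
            ip = if_ip[mapped_if] if t[3] == "interface" else t[3]
            if not permits(rows, acl_on.get(mapped_if), client, ip, int(t[4])):
                missing.append((ip, int(t[4])))
    return missing
```

Run against the posted excerpt it reports the 3389 mapping as unopened, because the only ACE on `outside_access_in` has the inside network 10.0.0.0/24 as its source; with the line from reply #2 appended the list is empty.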