RDP from Inside to DMZ - ASA5510

This topic is closed.

  • RDP from Inside to DMZ - ASA5510

    I asked this question specifically in the Cisco security forum, but no answers yet. So I'm posting here to see if someone in the General forum might have an answer.

    Regards,
    Scott

    I have a webserver sitting on the DMZ at 10.100.11.99, and I'd like to access it via RDP from 192.168.100.0/24. I have a NAT Exempt rule on Trust specifying the source as 192.168.100.0/24, destination 10.100.11.0/24, as well as an ACL to allow return traffic from the webserver back to trust on port 3389. I get the following error:

    No translation group found for tcp src Trust:192.168.100.108/4465 dst DMZ1:WEBSERVER/3389

    I don't understand what I am missing? Why am I getting an error related to translation when I have specified NAT Exempt (unless the translation the error is referring to is PAT)? If it is PAT, how do I enable this translation without having to specify that my webserver is a static port forwarding (i.e. I would like to avoid forwarding 3389 to ONLY the webserver so that I have to use other ports on other machines for RDP). My NAT Exempt rule uses Supernetting, but I am using 192.168.0.0/16 for my source network, and perhaps the ASA doesn't like that? By RFC standards, the 192.168.x.x subnet is /24 - is the ASA smart enough to know that, or should my /16 work?

    Regards,
    Scott
    Scott Pickles
    Systems Engineer
    VPN Systems, Inc.
    www. vpnsystems. com
    *******************
    CCNA - CCDA - BCMSN

  • #2
    Re: RDP from Inside to DMZ - ASA5510

    Do not double post. Read the forum rules.
    Also, be aware that all users are here in their spare time, and due to a lot of the current holidays it might be that most Cisco-knowledgeable users aren't here.

    Just continue here:
    http://forums.petri.com/showthread.php?t=31348

    Thread closed.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"
