TOPIC: PNAT on RDP, but doesn't forward right.

PNAT on RDP, but doesn't forward right. 6 years 5 months ago #34725

  • WarlockD
I have this odd situation. I just upgraded to 8.3 on my ASA 5505 and have been trying to forward RDP. Now, if I do this, it works fine:
[code:1]
object network RDP_static_paul
host 192.168.92.116
nat (inside,outside) static interface service tcp 3389 3389

access-list outside_access_in extended permit tcp any object RDP_static_paul eq 3389
[/code:1]

However, I want to translate the port so I can have another computer connect via RDP. I CANNOT connect with this:

[code:1]
object network RDP_static_paul
host 192.168.92.116
nat (inside,outside) static interface service tcp 3389 5000

access-list outside_access_in extended permit tcp any object RDP_static_paul eq 5000
[/code:1]

With the error in the log:
[code:1]
4 Jun 09 2010 20:53:40 106023 144.162.138.54 3367 192.168.92.116 3389 Deny tcp src outside:144.162.138.54/3367 dst inside:192.168.92.116/3389 by access-group "outside_access_in" [0x0, 0x0]
[/code:1]

Now, what is REALLY odd about all this, is that if I add BOTH access rules:
[code:1]
object network RDP_static_paul
host 192.168.92.116
nat (inside,outside) static interface service tcp 3389 5000

access-list outside_access_in extended permit tcp any object RDP_static_paul eq 5000
access-list outside_access_in extended permit tcp any object RDP_static_paul eq 3389
[/code:1]
To the second one, it works.
[code:1]
6 Jun 09 2010 20:50:32 302013 144.162.138.54 3354 192.168.92.116 3389 Built inbound TCP connection 1589635 for outside:144.162.138.54/3354 (144.162.138.54/3354) to inside:192.168.92.116/3389 (76.183.66.73/5000)
[/code:1]

So my question is: what am I doing wrong? I know it's an access rule I am missing, but I thought that once the packet makes it in, it's translated by the NAT and sent on its way. Do I need to create an inside access-group to handle it?
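
Added example, not part of the original post: a Python script that parses the two ASA log lines quoted above and compares the real destination in each against the access-list entries the post tried. On ASA 8.3 and later, access rules are matched against the real (untranslated) address and port, which is what the deny line reports (192.168.92.116/3389), while 5000 appears only as the mapped port in the built line. The names `parse_flow`, `matching_aces` and `ACL_VARIANTS` are illustrative.

```python
import re

# The two syslog lines quoted in the post above (message IDs 106023 and 302013).
DENY = ('4 Jun 09 2010 20:53:40 106023 144.162.138.54 3367 192.168.92.116 3389 '
        'Deny tcp src outside:144.162.138.54/3367 dst inside:192.168.92.116/3389 '
        'by access-group "outside_access_in" [0x0, 0x0]')
BUILT = ('6 Jun 09 2010 20:50:32 302013 144.162.138.54 3354 192.168.92.116 3389 '
         'Built inbound TCP connection 1589635 for outside:144.162.138.54/3354 '
         '(144.162.138.54/3354) to inside:192.168.92.116/3389 (76.183.66.73/5000)')

EP = r'[^:\s]+:([\d.]+)/(\d+)'          # "<interface>:<ip>/<port>"
DENY_RE = re.compile(rf'Deny \w+ src {EP} dst {EP} by access-group "([^"]+)"')
BUILT_RE = re.compile(rf'Built inbound \w+ connection \d+ for {EP} \([\d.]+/\d+\) '
                      rf'to {EP} \(([\d.]+)/(\d+)\)')

def parse_flow(line):
    """Extract the real and (when logged) mapped destination from a 106023/302013 line."""
    m = DENY_RE.search(line)
    if m:
        return {"action": "deny", "acl": m[5],
                "real_dst": (m[3], int(m[4])), "mapped_dst": None}
    m = BUILT_RE.search(line)
    if m:
        return {"action": "built", "acl": None,
                "real_dst": (m[3], int(m[4])), "mapped_dst": (m[5], int(m[6]))}
    raise ValueError("not a 106023 or 302013 message")

def matching_aces(aces, flow):
    """Return the permit entries, given as (host, port), that match the real destination."""
    return [ace for ace in aces if ace == flow["real_dst"]]

HOST = "192.168.92.116"                  # object network RDP_static_paul
ACL_VARIANTS = {                         # the outside_access_in variants tried in the post
    "eq 5000": [(HOST, 5000)],
    "eq 5000 + eq 3389": [(HOST, 5000), (HOST, 3389)],
}

if __name__ == "__main__":
    for line in (DENY, BUILT):
        flow = parse_flow(line)
        print(flow["action"], "real", flow["real_dst"], "mapped", flow["mapped_dst"])
        for name, aces in ACL_VARIANTS.items():
            print("   ", name, "->", matching_aces(aces, flow) or "no match (implicit deny)")
```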