Hi,
Everything seems to be fine as far as the configuration is concerned. I am sure you can access the server through RDP behind the firewall i.e. from the inside.
The command;
access-list outside_access_in extended permit tcp any eq 3389 host 67.x.x.77 eq 3389
Try it like this first;
access-list outside_access_in extended permit tcp any host 67.x.x.77 eq 3389
This is correct, since the line that you have added is specifying that the traffic is also coming from port 3389. This is not usually the case, as the sending machine will generally use a dynamic high-order port to initiate its communication on, so you need to specify the source of the traffic as coming from any port.
Well spotted, I missed that on the first look over.
And also in your translation, try and remove the TCP ports.
If that works out fine, you can add on the security. I have a similar setup running but with multiple DMZs.
Once this is sorted out, try and change the default port of RDP or terminal services.
Hope this helps.
I would not remove the ports on the static translation. This is because you are using PAT on the external interface. The static translation, if used without ports, will usually set up a permanent 1-to-1 static IP mapping between a single inside IP address and a single outside IP address. Since you only have the single outside IP address, it may cause some issues with other hosts trying to communicate. It isn't something I have tested to confirm it; it's something I may end up testing when I have a free min.
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit
www.sec-1.com
or PM me for details.
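The source-port point discussed in the thread, as an added example that is not part of the original posts: a small matcher for the two access-list lines quoted above, evaluated against a constructed inbound RDP connection. The client source port 51514 is a constructed sample value, the function names are hypothetical, and only the `permit tcp any [eq N] host A [eq N]` form seen in the thread is handled.

```python
# Added illustration, not a general ASA/PIX ACL parser. It handles only:
#   access-list NAME extended permit tcp any [eq PORT] host ADDR [eq PORT]

def parse_ace(line):
    """Extract the source-port, destination-host and destination-port match."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2:5] != ["extended", "permit", "tcp"]:
        raise ValueError("unsupported ACE form: " + line)
    rest = tok[5:]
    if rest[0] != "any":
        raise ValueError("only an 'any' source address is handled here")
    ace = {"src_port": None, "dst_host": None, "dst_port": None}
    i = 1
    if rest[i] == "eq":                      # optional source-port match
        ace["src_port"] = int(rest[i + 1])
        i += 2
    if rest[i] != "host":
        raise ValueError("expected 'host ADDR' as destination")
    ace["dst_host"] = rest[i + 1]
    i += 2
    if i < len(rest) and rest[i] == "eq":    # optional destination-port match
        ace["dst_port"] = int(rest[i + 1])
    return ace

def permits(ace, src_port, dst_host, dst_port):
    """True if the connection matches the permit entry; a field of None means 'any'."""
    return (ace["src_port"] in (None, src_port)
            and ace["dst_host"] == dst_host
            and ace["dst_port"] in (None, dst_port))

# The two lines exactly as quoted in the thread (address left masked as posted).
ORIGINAL = ("access-list outside_access_in extended permit tcp "
            "any eq 3389 host 67.x.x.77 eq 3389")
CORRECTED = ("access-list outside_access_in extended permit tcp "
             "any host 67.x.x.77 eq 3389")

# Constructed sample: an outside RDP client using an ephemeral source port.
CLIENT_SRC_PORT = 51514

def check(line, src_port=CLIENT_SRC_PORT):
    """Would this entry permit an RDP connection to 67.x.x.77:3389?"""
    return permits(parse_ace(line), src_port, "67.x.x.77", 3389)

if __name__ == "__main__":
    # With no matching permit, the traffic falls through to the implicit deny.
    for label, line in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, "permits client:", check(line))
```

The original entry only matches a client whose source port happens to be 3389, which is why the RDP connection from outside never reached the server.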