TOPIC: RDP through ASA 5505 from Inside-to-DMZ

RDP through ASA 5505 from Inside-to-DMZ 8 years 2 months ago #27396

  • sys-halt
Hi, our company got an ASA 5505; one interface is configured as inside and the other interface as dmz1.

Ethernet 0/1 is configured as the inside interface for my internal network, where all employees' PCs reside.

Ethernet 0/2 is configured as dmz1. I have Windows Server 2003 acting as an edge transport with Terminal Services installed and configured.

The idea is that I need to allow my inside network to open a remote desktop connection to my edge transport server, Win 2003.

Here is the basic setup:

interface Vlan2
 nameif dmz1
 security-level 20
 ip address 192.168.1.1 255.255.255.0

interface Vlan3
 nameif inside
 security-level 100
 ip address 172.16.1.1 255.255.255.0

interface Ethernet0/1
 switchport access vlan 3
 no shutdown

interface Ethernet0/2
 switchport access vlan 2
 no shutdown

Since the ASA firewall works its way from high-sec to low-sec, do I really have to create an access-list with a static translation slot to allow a remote desktop connection from inside with sec-level of 100 to dmz1 with sec-level of 20?

If I do have to create an access-list for it, could you please guide me through the proper syntax to achieve it?

Re: RDP through ASA 5505 from Inside-to-DMZ 8 years 2 months ago #27410

  • sys-halt
hey everyone,

Sorry, my problem was not in the RDP traffic. My ASA dropped my packets from 172.16.1.0 to 192.168.1.0 from the inside to dmz1 because there was no NAT made and no global pool created.

Those were the lines that made the connection happen properly:

nat (inside) 2 0.0.0.0 0.0.0.0 norandomseq
global (dmz1) 2 interface

Once I put in these two commands, things worked fine and I am now able to RDP from my inside to my dmz1.

thanks all
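
An alternative to the PAT rule in the post above, shown as an added example that is not part of the original thread: NAT exemption for inside-to-dmz1 traffic, so the DMZ server logs each client's real 172.16.1.x address instead of the ASA's 192.168.1.1, and without `norandomseq`, which turns off the ASA's TCP initial sequence number randomization. It assumes ASA software earlier than 8.3 (the `nat`/`global` syntax used in the thread) and 7.2(1) or later for `packet-tracer`; the server address 192.168.1.10, the client address 172.16.1.10 and the ACL name are assumptions.

```cisco
! Added example for ASA software before 8.3 (nat/global syntax, as in the thread).
! Assumed values, not from the thread:
!   DMZ server 192.168.1.10, test client 172.16.1.10,
!   ACL name INSIDE_TO_DMZ_NONAT.

! 1. Select only traffic from the inside subnet to the dmz1 subnet.
access-list INSIDE_TO_DMZ_NONAT extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

! 2. NAT exemption: packets matching the ACL cross the ASA untranslated.
!    Exemption is evaluated before dynamic nat/global rules, so other
!    nat (inside) statements are not applied to this traffic.
nat (inside) 0 access-list INSIDE_TO_DMZ_NONAT

! 3. Optional: remove the PAT pair from the thread once the exemption is in place.
!    Only do this if nat-id 2 is not used for anything else.
no global (dmz1) 2 interface
no nat (inside) 2 0.0.0.0 0.0.0.0 norandomseq

! 4. Flush existing translations so the new rules take effect.
!    This drops connections that rely on the old translations.
clear xlate

! 5. Verify with a simulated RDP SYN from the inside client to the DMZ server.
!    The NAT phase should show the exemption and the final result should be ALLOW.
packet-tracer input inside tcp 172.16.1.10 1025 192.168.1.10 3389 detailed

! 6. Confirm the NAT configuration and, during a real session, the connection entry.
show running-config nat
show conn | include 3389
```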