TOPIC: 5510 RDP & Anyconnect

5510 RDP & Anyconnect 9 years 7 months ago #30980

  • swixtt
Hi guys,
Well, I'm new here and it seems there is a wealth of information from the reading I've done.
I have a 5510 here that has already been configured and is working fine. I've only added some regular expressions to block a few sites.
I've used the ASDM for most of the items, but now I need to allow an RDP connection from a known client. We'll be changing the default port to something else.
So, what I need to do is modify the outside interface to allow that network connection to the port, then configure the NAT rules to allow access through.
Is this best done with the command line? If so, what are some examples of the proper syntax for it?

Also, how does one go about obtaining the AnyConnect client? Aren't all licensed ASAs entitled to use that client? We are using the IPsec client but need a 64-bit one. Not sure how to go about getting it.


Re: 5510 RDP & Anyconnect 9 years 7 months ago #30982

The AnyConnect client ships with the ASDM CD; look inside your ASA CD and you should find the package in it. Yes, Cisco is shipping the AnyConnect Client with every new ASA firewall; at least this is what has been told to me by a Cisco distributor and what I have seen in my new experience with ASA configurations.

but I what type of VPN connection type your ASA supports, IPSec or SSL or both, for this answer you should look at the ASA Edition Bundle Part Number.

Please find your ASA edition bundle part number, this usually can be found in the quotation sent to you in your early considerations before you purchased your Cisco Products. Also your ASA IOS image number can guide you in determining the type of purchased bundle part number.

then go to Cisco website and look for the number of connections and type allowed for your specific ASA edition part number.

here is the site that might help you:

Now, to allow the RDP connection you need to create an access list with a static statement and assign the access list to your outside interface.

here is one scenario:
[code:1]access-list 101 extended permit tcp any host eq 3389
static (inside,outside) netmask
access-group 101 in interface outside[/code:1]

IP address:, will be your ASA external interface address or one of the IP addresses present in your external IP addresses Pool you made.

IP address:, is the IP address of your Internal host present in your Internal Network connected to your inside ASA interface

so once an RDP request hits the ASA external IP the ASA will redirect the RDP request to the Internal host with IP address of

good luck

Re: 5510 RDP & Anyconnect 9 years 7 months ago #30984

  • S0lo
Can't explain it better than sys-halt :). Yes, you need both an access list and a static map as sys-halt mentioned. Regarding the static map, you could also forward only the RDP port (3389) to your internal client. Something like this:

[code:1]static (inside,outside) tcp 3389 3389 netmask[/code:1]

This way only RDP traffic will be mapped to the internal host ( So you can map other traffic for other ports to another host using the same external IP. Another advantage of this method is that you could change the RDP port to your desired one, say 4433:

[code:1]static (inside,outside) tcp 3389 4433 netmask[/code:1]

Of course, you need to open that same port on your inside RDP host.

Hope this helps.
Studying CCNP...

Ammar Muqaddas
Forum Moderator

Re: 5510 RDP & Anyconnect 9 years 7 months ago #31003

My code is rusty, an old-school coding style :-). I would advise you to go with S0lo's code; it's a clean one and gives you much more granular control.

good luck.
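
Added example, not part of any post in this thread: a small Python check that reads pre-8.3 ASA `static` and `access-list` lines of the kind discussed above and reports whether each forwarded port is reachable from `any` or only from a known client. The sample configuration, its documentation-range addresses and the function name `audit_forwards` are constructed for illustration.

```python
import re

# Constructed sample in pre-8.3 ASA syntax (the style used in this thread).
# Addresses are documentation/private placeholders, not values from the thread.
SAMPLE_CONFIG = """\
access-list 101 extended permit tcp any host 203.0.113.5 eq 3389
access-list 101 extended permit tcp host 198.51.100.10 host 203.0.113.5 eq 4433
static (inside,outside) tcp 203.0.113.5 3389 192.168.1.20 3389 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.5 4433 192.168.1.21 3389 netmask 255.255.255.255
access-group 101 in interface outside
"""

# Assumption: pre-8.3 behaviour, where the outside ACL names the mapped
# (public) address and port, so ACL entries are matched against those.
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit tcp "
    r"(any|host \S+|\S+ \S+) host (\S+) eq (\S+)$")
STATIC_RE = re.compile(
    r"^static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+) netmask \S+$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside$")

def audit_forwards(config):
    """Return one finding per static port forward: who may reach it from outside."""
    acls, forwards, bound = [], [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            acls.append(m.groups())      # (name, source, mapped_ip, port)
        elif m := STATIC_RE.match(line):
            forwards.append(m.groups())  # (mapped_ip, mapped_port, real_ip, real_port)
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))        # ACLs actually applied to outside
    findings = []
    for mapped_ip, mapped_port, real_ip, real_port in forwards:
        sources = [src for name, src, dst, port in acls
                   if name in bound and dst == mapped_ip and port == mapped_port]
        findings.append({
            "outside": f"{mapped_ip}:{mapped_port}",
            "inside": f"{real_ip}:{real_port}",
            "sources": sources,
            "open_to_any": "any" in sources,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE_CONFIG):
        print(finding)
```

In the constructed sample, the first forward is flagged because its ACL entry permits `any`, while the second is limited to a single known client address on a non-default outside port.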