Remote desktop to a host behind an ASA Appliance

Answered Question
Dec 19th, 2007

I want to remote desktop to a host behind an ASA Firewall through the Internet. My ASA Firewall connects to a Draytek Vigor Load Balancer. Please guide me on how to configure the ASA Firewall for this.

Thanks & Best Regards


Overall Rating: 5 (2 ratings)
Correct Answer
JORGE RODRIGUEZ Thu, 12/20/2007 - 05:05

There are a couple of ways of doing it. You could use a spare public IP and assign it to your local server in the firewall to create a static NAT.

e.g.


Assume server IP: 192.168.1.1

Public IP: 30.30.30.1



static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside




If you do not have spare public IPs, you could use the outside interface to accomplish this as well.

e.g.



Assume ASA outside interface IP is 30.30.30.1

static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside



Rgds

Jorge
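
Added example, not part of the thread: both variants in the answer above use "any" as the source in the permit entry, so port 3389 on the inside host is reachable from every Internet address. This Python check reads pre-8.3 style static, access-list and access-group lines and reports that exposure; the sample configs are constructed from the answer's addresses, and the admin source 203.0.113.10 and the function name are assumptions.

```python
import re

# Constructed samples mirroring the two pre-8.3 variants in the answer above.
ACL = ("access-list out_access_in permit tcp any host 30.30.30.1 eq 3389\n"
       "access-group out_access_in in interface outside\n")
ONE_TO_ONE = "static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255\n" + ACL
PORT_REDIRECT = ("static (inside,outside) tcp interface 3389 192.168.1.1 3389 "
                 "netmask 255.255.255.255\n" + ACL)
# Hardened variant: source limited to one admin address (203.0.113.10 is assumed).
RESTRICTED = PORT_REDIRECT.replace("tcp any host", "tcp host 203.0.113.10 host")

STATIC_RE = re.compile(r"static \(\w+,\w+\) (?:tcp (\S+) (\d+) (\S+) \d+|(\S+) (\S+)) ")
ACL_RE = re.compile(r"access-list (\S+)(?: extended)? permit tcp "
                    r"(any|host \S+|\S+ \S+) host (\S+) eq (\d+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")


def audit_rdp_exposure(config, rdp_port=3389):
    """Flag inbound ACL entries that let any source reach a NATed host on rdp_port."""
    statics, acls, applied = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            if m.group(1):  # port redirection: mapped address, mapped port, real host
                statics.append((m.group(1), int(m.group(2)), m.group(3)))
            else:           # one-to-one static NAT: every port is translated
                statics.append((m.group(4), None, m.group(5)))
        elif m := ACL_RE.match(line):
            acls.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
        elif m := GROUP_RE.match(line):
            applied[m.group(1)] = m.group(2)
    findings = []
    for name, src, dst, port in acls:
        if name not in applied or src != "any" or port != rdp_port:
            continue
        # Assumption: "interface" in a static line is the address the ACL names.
        hosts = [real for mapped, mport, real in statics
                 if mapped in (dst, "interface") and mport in (None, rdp_port)]
        if hosts:
            findings.append({"acl": name, "interface": applied[name],
                             "public": dst, "inside_hosts": hosts})
    return findings


if __name__ == "__main__":
    for label, cfg in (("one-to-one", ONE_TO_ONE), ("port redirect", PORT_REDIRECT),
                       ("restricted", RESTRICTED)):
        print(label, audit_rdp_exposure(cfg))
```

The restricted variant returns no findings because its permit entry names a single source host instead of any.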

truongthanhsang Sat, 12/22/2007 - 00:26

Thanks for your solution!

But my problem is that I have no public IP, and my Draytek Vigor Load Balancer NATs all incoming traffic.

truongthanhsang Tue, 12/25/2007 - 01:42

@Jorge: I've tried your solution and it was successful.

Deep thanks and Best Regards

Correct Answer
JORGE RODRIGUEZ Tue, 12/25/2007 - 09:16

Sang, glad it worked out. Could you rate the post as resolved?

Good luck and happy X-mas.


Rgds

Jorge
