Remote desktop to a host behind an ASA Appliance

Answered Question
Dec 19th, 2007

I want to remote desktop to a host behind ASA Firewall through Internet. My ASA Firewall connect to an Draytek Vigor Load Balancer. Please guide me how to config ASA Firewall for this.

Thanks & Best Regards

I have this problem too.
0 votes
Correct Answer by JORGE RODRIGUEZ about 8 years 11 months ago

Sang, glad it worked out.. could you rate post as resolved.

good luck and happy X-mas

Rgds

Jorge

Correct Answer by JORGE RODRIGUEZ about 8 years 11 months ago

There are coulple of ways of doing it, you could use spare public IP and assign it to your local server in the firewall to create a static nat.

e.g

Assume server IP: 192.168.1.1

Public IP: 30.30.30.1

static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

If do do not count with spared public IPs you could use outside interface to accomplish this as well.

e.g

Assume ASA outside interface IP is 30.30.30.1

static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

Rgds

Jorge

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
JORGE RODRIGUEZ Thu, 12/20/2007 - 05:05

There are coulple of ways of doing it, you could use spare public IP and assign it to your local server in the firewall to create a static nat.

e.g

Assume server IP: 192.168.1.1

Public IP: 30.30.30.1

static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

If do do not count with spared public IPs you could use outside interface to accomplish this as well.

e.g

Assume ASA outside interface IP is 30.30.30.1

static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

Rgds

Jorge

truongthanhsang Sat, 12/22/2007 - 00:26

Thanks for your solution!

But my problem is having no public IP. And my Draytek Vigor Load Balancer NAT all traffic incoming.

truongthanhsang Tue, 12/25/2007 - 01:42

@ Jorge: I've try with your solution and it's sucessful

Deeply thanks and Best Regards

Correct Answer
JORGE RODRIGUEZ Tue, 12/25/2007 - 09:16

Sang, glad it worked out.. could you rate post as resolved.

good luck and happy X-mas

Rgds

Jorge

Actions

This Discussion