Remote desktop to a host behind an ASA Appliance

truongthanhsang
Level 1

I want to remote desktop to a host behind an ASA firewall through the Internet. My ASA firewall connects to a DrayTek Vigor load balancer. Please guide me on how to configure the ASA firewall for this.

Thanks & Best Regards

4 Replies

JORGE RODRIGUEZ
Level 10

There are a couple of ways of doing it. You could use a spare public IP and assign it to your local server in the firewall to create a static NAT.

e.g.

Assume server IP: 192.168.1.1

Public IP: 30.30.30.1

static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

If you do not have spare public IPs, you could use the outside interface to accomplish this as well.

e.g.

Assume ASA outside interface IP is 30.30.30.1

static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

Rgds

Jorge

Jorge Rodriguez
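
Both variants in the answer above permit TCP 3389 from `any` source. The following is an added example, not part of the original thread: a small Python check that reads ASA configuration text in the same pre-8.3 syntax and lists inbound ACL entries that open RDP to any source, together with the inside host the static translation points at. The function name, the `outside_ip` parameter and the administrator address 198.51.100.7 are assumptions made for illustration.

```python
import re

# Constructed sample in the pre-8.3 ASA syntax used in the answer above;
# 198.51.100.7 is a made-up administrator address.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255
access-list out_access_in permit tcp host 198.51.100.7 host 30.30.30.1 eq 3389
access-list out_access_in permit tcp any host 30.30.30.1 eq 3389
access-group out_access_in in interface outside
"""

# Matches only the ACL form shown in the thread: permit tcp <src> host <dst> eq <port>
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit tcp "
                    r"(any|host \S+|\S+ \S+) host (\S+) eq (\S+)")

def audit_rdp_exposure(config, outside_ip=None):
    """List inbound ACL entries that permit RDP (tcp/3389) from any source."""
    statics, bound, entries = {}, set(), []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[0] == "static":
            if tok[2] in ("tcp", "udp"):   # port forward: mapped, port, real, port
                mapped, port, real = tok[3], tok[4], tok[5]
            else:                          # one-to-one static NAT: mapped, real
                mapped, port, real = tok[2], None, tok[3]
            if mapped == "interface":      # resolved from the caller-supplied IP
                mapped = outside_ip
            statics[(mapped, port)] = real
        elif len(tok) >= 3 and tok[0] == "access-group" and tok[2] == "in":
            bound.add(tok[1])              # ACL is applied inbound on an interface
        elif (m := ACL_RE.match(line.strip())):
            entries.append(m.groups())
    findings = []
    for acl, source, dest, port in entries:
        if acl in bound and source == "any" and port == "3389":
            inside = statics.get((dest, port)) or statics.get((dest, None))
            findings.append({"acl": acl, "public": dest, "inside": inside})
    return findings

if __name__ == "__main__":
    for finding in audit_rdp_exposure(SAMPLE_CONFIG, outside_ip="30.30.30.1"):
        print("RDP open to any source:", finding)
```

Entries whose source is a single host or a network are not reported, so an ACL that only admits known administrator addresses produces no findings.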

Thanks for your solution!

But my problem is having no public IP. And my DrayTek Vigor load balancer NATs all incoming traffic.

@ Jorge: I've tried your solution and it's successful.

Deeply thanks and Best Regards

Sang, glad it worked out. Could you rate the post as resolved?

Good luck and happy X-mas

Rgds

Jorge

Jorge Rodriguez