Solved: Remote desktop outside to Inside on ASA

rechard_david · ‎04-08-2008

Dear Expert,

Please help me!!! to solve this problem.

Please see in the attach file.

i want outside can access remote in to inside pass thought ASA.

but it doesn't work.

Best Regards,

rechard

aansatosorigin · ‎04-16-2008

Hi Rechard,

This because at global, you have define interface as global translation

for all addresses matching NAT rule 1 to be translated through the outside interface or to the internet. This also follows if you are applying ip address at global, which means you must also define ip address at your static NAT configuration. By theway, hope you can kindly rate our conversation and remark as resolve. Your cooperation is highly appreciated. Thank you.

View solution in original post

aansatosorigin · ‎04-09-2008

Hi rechard,

I think you need some modification like below:

I want to know before proceed, is there any internet devices after your ASA?? If not, you should use public ip at your outside interface.

a) You need one more map ip possibly public ip other than 119.15.81.49 , example 119.15.81.50, please dont use outside interface ip to map into internal ip

a) Please add; static (inside,ouside) 119.15.81.50 10.10.10.2 netmask 255.255.255.255

b) Applied one more access-list 105:

access-list 105 extended permit tcp any host 119.15.81.50 eq 3389

c) Applied the access-list 105 at global config for outside interface (Ethernet0/0):

access-group 105 in interface outside

Please rate if this helps. Thank you.

rechard_david · ‎04-09-2008

Dear Sir,

yes, when i tested like you gave example to me is working. Why we need one more Public IP address?

So last time i was configure on Pix 515 i have one public ip and map ip it ok ( i mean one public ip add the same interface outside that i map).

Could you advice me please?

Best Regards,

Rechard

aansatosorigin · ‎04-09-2008

Hi Rechard,

I m glad that it works. Actually is based on your configuration

Before I explain further, may I know is that previously you assign public ip at outside interface??

If yes, please try one more way:

a) global (outside) 1 interface

- test this command first

- if not works, please change to fix public ip

b) static (inside,outside) tcp interface 3389 10.10.10.2 3389 netmask 255.255.255.255 0 0

- do redirection port

c) access-list 105 permit tcp any host 119.15.81.51 eq 3389

- please put public IP that you assign at OUTSIDE interface, here I put example ip 119.15.81.51

d) access-group 105 in interface outside

Please give me a feedback, if works, I hope you will definitely understand. Please RATE if helps and remark as RESOLVED. Thank you

regards,

aans

rechard_david · ‎04-16-2008

Dear aans,

I'm sorry for reply late because i have long holiday.

After i follow your command it done, very thank you.

Oh! on answer B i would like to ask you that:

command tcp interface ( this command Interface mean that interface outside right?)

why we put the name is working but when we put ip address outside interface not work? what are different ?

could you advice me please?

Best Regards,

rechard

aansatosorigin · ‎04-16-2008

Hi Rechard,

This because at global, you have define interface as global translation

for all addresses matching NAT rule 1 to be translated through the outside interface or to the internet. This also follows if you are applying ip address at global, which means you must also define ip address at your static NAT configuration. By theway, hope you can kindly rate our conversation and remark as resolve. Your cooperation is highly appreciated. Thank you.