ASA 5505 Port Forwarding

akalender
Level 1

I am having a simple issue with setting up port forwarding for RDC on ASA 5505. I have configured several other ASA 5505 appliances using the same commands and they all work fine. Here is the running config. Any help would be appreciated.

Result of the command: "show conf"

: Saved
: Written by enable_15 at 05:11:58.270 UTC Thu Mar 19 2009
!
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password xxxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.3.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 70.x.x.x 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxxx encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list outside_access_in_web extended permit tcp any interface outside eq 3389
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 3389 192.168.3.48 3389 netmask 255.255.255.255
access-group outside_access_in_web in interface outside
route outside 0.0.0.0 0.0.0.0 70.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.3.2-192.168.3.129 inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:7574d93ff465f1714247a73fa3b2d265

2 Replies

Hi Almir,

Your ACL and NAT statements both look good to me. Try adding:

ASA(config)# interface e0/x

ASA(config-if)# switchport access vlan 1

Where e0/x is the interface that the RDP server (192.168.3.48) is connected to (e.g. e0/1). This will configure the switch port as an access port for VLAN 1 (your inside network).

Hope that helps.

-Mike
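
The cross-check behind "ACL and NAT statements both look good", as an added example that is not part of the original thread or any Cisco tooling: a Python check that pairs each `static` PAT rule with the ACL bound inbound on the mapped interface and reports whether the forward is permitted and whether it is open to `any` source. The function name `audit_port_forwards` and the constructed sample (three lines copied from the posted config) are assumptions of this example; it handles only the pre-8.3 `static` syntax shown above and compares ports as written.

```python
import re

# Constructed sample: the three port-forwarding lines from the posted config.
SAMPLE_CONFIG = """\
access-list outside_access_in_web extended permit tcp any interface outside eq 3389
static (inside,outside) tcp interface 3389 192.168.3.48 3389 netmask 255.255.255.255
access-group outside_access_in_web in interface outside
"""

# static (real_if,mapped_if) proto interface <mapped_port> <real_ip> <real_port> netmask ...
STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) (tcp|udp) interface (\S+) (\S+) (\S+) netmask \S+", re.M)
# access-list <name> extended permit proto <source> interface <if> eq <port>
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit (tcp|udp) (any|host \S+|\S+ \S+) "
    r"interface (\S+) eq (\S+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)


def audit_port_forwards(config):
    """Return one finding per static PAT rule in a pre-8.3 ASA config."""
    acls = [m.groups() for m in ACL_RE.finditer(config)]
    # Interface name -> ACL applied inbound on it.
    bound = {iface: name for name, iface in GROUP_RE.findall(config)}
    findings = []
    for _real_if, mapped_if, proto, port, host, real_port in STATIC_RE.findall(config):
        acl_name = bound.get(mapped_if)
        # Sources permitted to the mapped port by the ACL actually bound there.
        sources = [src for name, p, src, iface, eq in acls
                   if name == acl_name and p == proto
                   and iface == mapped_if and eq == port]
        findings.append({
            "forward": f"{mapped_if}:{proto}/{port} -> {host}:{real_port}",
            "acl_bound": acl_name,
            "permitted": bool(sources),
            "open_to_any": "any" in sources,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_port_forwards(SAMPLE_CONFIG):
        print(finding)
```

For the posted config the forward is reported as permitted and as open to any source address on TCP 3389, which is worth narrowing to known source networks once the forward works.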

ex_pmadayag
Level 1

Config looks fine.

Does RDP work locally?

If you access the RDP server from outside, do you get hit counts in your outside ACL?
