ASA - Port Forwarding from Outside to DMZ not working
I am facing some problem accessing one server in the DMZ from outside. Please see the attached file for the config.
I am using a public IP BBB.CCC.58.214 to access the server 10.204.18.201. Currently, for testing purposes, I am trying to RDP to this particular server. I have done all the necessary config to make this work, but due to some unknown issues it is not working. Even the access-list hit count for this particular IP is 0.
Re: ASA - Port Forwarding from Outside to DMZ not working
Ping started working because the previous static statement only permitted port 3389 traffic through. The more general static statement allows the translation to occur on all ports, including ICMP. What the successful pings do show is that the translation is functioning correctly on the ASA. Most likely, the RDP packets are either being dropped before the firewall or the DMZ server isn't responding properly to the requests. To find out exactly what is going on, place a packet capture on the ASA. This will show you exactly where the RDP packets are being dropped or if they are making it to the firewall at all.
To configure the packet captures on the ASA:
! Client-to-server lines match destination port 3389; the reply lines match source port 3389
access-list capture permit tcp any host BBB.CCC.58.214 eq 3389
access-list capture permit tcp host BBB.CCC.58.214 eq 3389 any
access-list capture permit tcp any host 10.204.18.201 eq 3389
access-list capture permit tcp host 10.204.18.201 eq 3389 any
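
One way to read the resulting captures, as an added example that is not part of the thread: it compares a capture taken on the outside interface with one taken on the DMZ interface and reports where the RDP handshake stops. The tcpdump-like line shape of the `show capture` text, the sample lines and the client address 203.0.113.10 are assumptions constructed for the example.

```python
import re

# Assumed `show capture` line: "   1: 10:15:01.100000 src.sport > dst.dport: S 100:100(0) win 8192"
LINE = re.compile(r"^\s*\d+:\s+\S+\s+(\S+)\.(\d+) > (\S+)\.(\d+): (\S+)(.*)$")

def summarize(capture_text, server_ip, port=3389):
    """Count SYNs sent to server_ip:port and SYN-ACK/RST replies from it."""
    seen = {"syn": 0, "synack": 0, "rst": 0}
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, sport, dst, dport, flags, rest = m.groups()
        has_ack = " ack " in rest
        if dst == server_ip and int(dport) == port:
            if "S" in flags and not has_ack:
                seen["syn"] += 1
        elif src == server_ip and int(sport) == port:
            if "R" in flags:
                seen["rst"] += 1
            elif "S" in flags and has_ack:
                seen["synack"] += 1
    return seen

def diagnose(outside_text, dmz_text, public_ip, real_ip):
    """Compare the outside and DMZ captures to locate where RDP stops."""
    out, dmz = summarize(outside_text, public_ip), summarize(dmz_text, real_ip)
    if out["syn"] == 0:
        return "no SYN on outside: dropped before the firewall"
    if dmz["syn"] == 0:
        return "SYN on outside, none on DMZ: dropped by the ASA (ACL or NAT)"
    if dmz["rst"]:
        return "server sent RST: RDP not listening or rejected on the host"
    if dmz["synack"] == 0:
        return "SYN reached DMZ, no reply: server not responding"
    if out["synack"] == 0:
        return "SYN-ACK on DMZ, none on outside: reply lost inside the ASA"
    return "handshake visible on both interfaces"

# Constructed sample captures (not from the thread); the client address is made up.
OUTSIDE = """
   1: 10:15:01.100000 203.0.113.10.51000 > BBB.CCC.58.214.3389: S 100:100(0) win 8192
   2: 10:15:04.100000 203.0.113.10.51000 > BBB.CCC.58.214.3389: S 100:100(0) win 8192
"""
DMZ = """
   1: 10:15:01.100100 203.0.113.10.51000 > 10.204.18.201.3389: S 200:200(0) win 8192
   2: 10:15:04.100100 203.0.113.10.51000 > 10.204.18.201.3389: S 200:200(0) win 8192
"""
print(diagnose(OUTSIDE, DMZ, "BBB.CCC.58.214", "10.204.18.201"))
```

Repeated SYNs on both interfaces with nothing coming back, as in the sample, point at the server or its return route rather than at the ASA translation.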