Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA PAT/Static NAT Translation (What am I missing?)

I know this question has been asked a thousand times, and Ive read maybe 20-30 articles and cisco support forums, but I am still unable to get this thing working. I will even get a prompt to enter my password, but Remote Desktop will hang. Is this an issue with RDP and the ASA or possibly my NAT config? Thanks a ton to anyone who reads this. (Ive passed the ASA exam so this is doubly embarrassing)

Note: I am trying to have port 21 accept the connection for RDP and forward them to this box.

Ive included the config below but here are the meat and taters.

object network obj_rdpsrv
 host 10.0.1.2

 nat (inside,outside) static interface service tcp 3389 ftp 

access-list 123 extended permit tcp any host 10.0.1.2 eq 3389 

access-group 123 in interface outside

http://pastebin.com/kXBuu6FA

 

Note - packet tracer is happy with this too using the following parameters - 
packet-tracer input outside tcp 8.8.8.8 1234 <outside interface IP> 21 detailed

Everyone's tags (1)
2 REPLIES

Hi malering, Remove this line

Hi malering,

 

Remove this line.

no nat (inside,outside) static interface service tcp 3389 ftp

 

Copy this line instead:

nat (inside,outside) static interface service tcp 3389 3389

 

Thanks

Rizwan Rafeek

 

Hi, Can you try the port

Hi,

 

Can you try the port-forwarding with a high port numbers? such as 10389 or something else instead of using 21 which is a reserved port for ftp.... and also you have to check the rdp machine that it is accepting the forwarded port number for rdp connections?

 

Regards

Karthik

115
Views
0
Helpful
2
Replies
CreatePlease login to create content