Cisco ASA PAT/Static NAT Translation (What am I missing?)

malering · ‎04-17-2014

I know this question has been asked a thousand times, and Ive read maybe 20-30 articles and cisco support forums, but I am still unable to get this thing working. I will even get a prompt to enter my password, but Remote Desktop will hang. Is this an issue with RDP and the ASA or possibly my NAT config? Thanks a ton to anyone who reads this. (Ive passed the ASA exam so this is doubly embarrassing)

Note: I am trying to have port 21 accept the connection for RDP and forward them to this box.

Ive included the config below but here are the meat and taters.

object network obj_rdpsrv
host 10.0.1.2

nat (inside,outside) static interface service tcp 3389 ftp

access-list 123 extended permit tcp any host 10.0.1.2 eq 3389

access-group 123 in interface outside

http://pastebin.com/kXBuu6FA

Note - packet tracer is happy with this too using the following parameters -
packet-tracer input outside tcp 8.8.8.8 1234 <outside interface IP> 21 detailed

rizwanr74 · ‎09-02-2014

Hi malering,

Remove this line.

no nat (inside,outside) static interface service tcp 3389 ftp

Copy this line instead:

nat (inside,outside) static interface service tcp 3389 3389

Thanks

Rizwan Rafeek

nkarthikeyan · ‎09-02-2014

Hi,

Can you try the port-forwarding with a high port numbers? such as 10389 or something else instead of using 21 which is a reserved port for ftp.... and also you have to check the rdp machine that it is accepting the forwarded port number for rdp connections?

Regards

Karthik