Cisco Support Community

Enabling Particular RDP Port ASA 8.6

Hi Experts

I am very much a beginner in ASA & firewalling. I just want to enable RDP port 60892 for accessing one server outside. What I did is:

object service rdp
 service tcp destination eq 60892

object-group service NET
 service-object object rdp

access-list INSIDE_access_in extended permit object-group NET object INSIDE-LAN any ...

Is that OK ...

Is there anything which I am missing ....

Also, how to check if the traffic is getting dropped due to some reason ....



Re: Enabling Particular RDP Port ASA 8.6


The configuration doesn't make sense, to me at least.

It seems to me that you are simply allowing traffic from behind the "inside" interface to "any" destination IP address with the destination port TCP/60892. These configurations would not allow any connections from the Internet to your internal host.

If you are attempting to connect to some internal host from the external network, then you will need the NAT configuration and an ACL allowing the traffic on your ASA's external interface.

To change the default port you would typically configure Static PAT (Port Forward):

object network RDP-SERVER
 host <internal-IP-of-RDP-server>
 nat (inside,outside) static interface service tcp 3389 60892

Then you will need to check the ACL attached to your "outside" interface

show run access-group

If you see an ACL attached to the "outside" interface then you should add a rule to that ACL

access-list <outside-ACL-name> permit tcp any object RDP-SERVER eq 3389

You would then need to connect from the external network to your ASA's public IP address with the port TCP/60892 for the connection to be forwarded to the local IP address and port TCP/3389 by the NAT configuration.

- Jouni
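
The following is an added example, not part of either post: the Static PAT and outside ACL described above, with the source narrowed to one admin host, followed by commands that answer the original question of how to see whether traffic is being dropped. All IP addresses, the ACL name OUTSIDE_access_in and the capture name ASPDROP are assumptions chosen for illustration.

```cisco
! Constructed addresses (documentation ranges), not from the thread:
!   192.168.1.10    internal RDP server
!   203.0.113.10    ASA "outside" interface IP
!   198.51.100.25   remote admin workstation
! OUTSIDE_access_in is an assumed name; use the ACL that
! "show run access-group" reports for the outside interface.

object network RDP-SERVER
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 3389 60892

! On 8.3 and later the interface ACL is checked after un-NAT, so the rule
! names the real IP and real port (3389), not the mapped port 60892.
! The source is limited to the admin host instead of "any".
access-list OUTSIDE_access_in extended permit tcp host 198.51.100.25 object RDP-SERVER eq 3389

! Only needed when no ACL is attached to "outside" yet
access-group OUTSIDE_access_in in interface outside

! Simulate an inbound connection to the public IP on TCP/60892.
! The output lists each phase (UN-NAT, ACCESS-LIST, NAT, ...) and,
! if the packet is dropped, the phase and reason for the drop.
packet-tracer input outside tcp 198.51.100.25 50000 203.0.113.10 60892 detailed

! Confirm the translation exists and the ACL rule is being hit
show nat detail
show xlate
show access-list OUTSIDE_access_in
show conn port 3389

! Capture packets the ASA drops because of an ACL, then clean up
capture ASPDROP type asp-drop acl-drop
show capture ASPDROP
no capture ASPDROP
```

The hit counter in `show access-list` increasing during a real connection attempt, together with an entry in `show conn port 3389`, indicates the ASA is forwarding the traffic and any remaining failure is on the server side.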
