08-19-2014 07:53 PM - edited 03-11-2019 09:39 PM
Hi Everyone,
I need to configure NAT to allow one of our vendor's PCs to remote desktop to a PC in our network.
Here is the setup:
Vendor PC--------Firewall1 ------Internet --------Firewall2 -------PC(192.168.50.10)
This connection is over the Internet.
Our PC has IP 192.168.50.10 it is behind the Firewall 2.
Firewall2 is doing the NAT.
Firewall2 is doing PAT overload and all the Internal IP addresses are translated to single public IP say 200.x.x.x
Firewall2 has version 8.2.
Vendor PC is using Port 5222 to remote desktop to PC 192.168.50.10.
I need help with the NAT config so that the vendor PC can remote desktop to, say, public IP 200.x.x.x and it gets translated to 192.168.50.10 on Firewall2.
Regards
Mahesh
08-20-2014 12:00 AM
You need a static translation for that port:
static (inside,outside) tcp 200.x.x.x 5222 192.168.50.10 5222 netmask 255.255.255.255
And that traffic needs to be allowed on the outside ACL:
access-list NAME-OF-ACL ext permit tcp REMOTE-IP host 200.x.x.x eq 5222
More on that in this config-example:
More on NAT in general is in the config-guide:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_overview.html
08-20-2014 12:26 AM
Hi,
Do you want to translate port 5222 as it is to reach your RDP PC, or will the vendor connect to port 5222 and you want that translated to 3389?
If so, your NAT should be like this:
static (inside,outside) tcp 200.x.x.x 5222 192.168.50.10 3389 netmask 255.255.255.255
If you are using the same port in both cases, then Karsten's command will do.
Make sure your ACL is updated in either case.
Regards
Karthik
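An added example, not part of any reply in this thread: a small Python check that reads ASA 8.2-style lines of the two shapes quoted above (a static PAT entry and an outside ACL entry) and reports, for each published port, whether an ACL entry permits it and whether the source is restricted. The sample config, its documentation addresses and the ACL name OUTSIDE-IN are constructed; the check assumes the pre-8.3 behaviour where the ACL names the mapped IP and port, and it does not look at access-group bindings, object-groups or port ranges.

```python
import re

# Constructed sample (not from the thread); addresses are documentation ranges.
SAMPLE = """\
static (inside,outside) tcp 203.0.113.10 5222 192.168.50.10 3389 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 8443 192.168.50.20 443 netmask 255.255.255.255
access-list OUTSIDE-IN extended permit tcp host 198.51.100.7 host 203.0.113.10 eq 5222
access-list OUTSIDE-IN extended permit tcp any host 203.0.113.10 eq 8443
"""

# static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port netmask mask
STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask \S+")
# access-list NAME [ext|extended] permit proto SOURCE host DEST eq PORT
ACL_RE = re.compile(
    r"^access-list (\S+) (?:ext\S* )?permit (tcp|udp) "
    r"(any|host \S+|\S+ \S+) host (\S+) eq (\S+)")


def audit(config):
    """Return (mapped_ip, mapped_port, real_target, status) per static PAT entry."""
    statics, acls = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := ACL_RE.match(line):
            acls.append(m.groups())
    findings = []
    for _real_if, _map_if, proto, mip, mport, rip, rport in statics:
        # Pre-8.3 ACLs match on the mapped (public) address and port.
        sources = [src for _name, aproto, src, dst, port in acls
                   if (aproto, dst, port) == (proto, mip, mport)]
        if not sources:
            status = "no-acl"        # translation exists, nothing permits it
        elif "any" in sources:
            status = "open-to-any"   # published port reachable from any source
        else:
            status = "restricted"    # only named sources are permitted
        findings.append((mip, mport, f"{rip}:{rport}", status))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
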
08-19-2014 11:54 PM
Hi Mahesh ,
What is your ASA code version? Please share your Firewall 2 config.
HTH
Sandy
08-20-2014 07:58 PM
Thanks for helping me out.
Regards
Mahesh