Re: RDP ASA5510

detscorn123 · ‎02-22-2007

Hey all,

We are in the process of slowly setting up our new appliance. We are messing around with allowing in bound connection for remote desktop. When we add the first one it works fine, but when we add the second one it says that port is already used. How do we add more than one??

I'm not the one that is working on this, but I believe he is trying to do this through the security policy.

Thanks.

Dylan

sachinraja · ‎02-22-2007

Hello Dylan,

Is the RDC from outside to a PC on the inside ?? Have you opened UDP port 3389 ? Have you done a static ? it seems you can do a remote desktop to the PC on the first instance and not for more than one connection ?? is that so ? if that is the case, i dont think the firewall configs are a problem.. they might have to check if they have limited the RDC connections on the end station...

Check this and let us know..

Raj

detscorn123 · ‎02-23-2007

Sorry I might have not been clear on what I was saying.

We are using RD from an outside machine and NATing to an inside machine. We have set it up to work with one. When we go to add another rule for another machine we get a port already in use (3389). We use RD a lot and sometime set up outside agencies to get to certain machines. We need to be able to add more than one.

hoogen_82 · ‎02-23-2007

Do post your scenario and config. If one static statement is done there should be no further problem

Cheers

Hoogen

acomiskey · ‎02-23-2007

You need to use another ip address if you have them. Or if you are port translating using the outside address for firewall you will need to set remote desktop to use different ports for other machines. I think I am understanding you correctly. Maybe explain what you mean by "add another rule".

detscorn123 · ‎02-23-2007

Thanks for the replys everyone. I am not the one that is doing the configs on the appliance. Here is what I see in the configs (ASDM)

Under Nat the added rule looks like this:

"Original"

interface - inside

source network - 192.x.x.x port 3389/tcp (inside machine)

Destination Network - any

"Translated"

interface - outside

Address - interface IP Port3389/tcp

There is another rule here that might have been added for this to work.

looks like that it translates any inside ip to the outside ip address (the ISP ip)

Under security policy there is also a rule.

Source/host - This is an outside IP (my home)

destination/host - My machine on the inside network

rule applied to traffic - incoming

interface - outside

Service 3389/tcp

I think that under the security policy is where he is trying to add another rule for access. Apparently this is where he is trying to add the rule.

Again sorry for the poor explanation, but maybe some of the above will help.

The main thing we are trying to do is to be able to use remote desktop with different outside pc to connect to various inside PCs. One outside PC will only connect to one inside PC, but we want to be able to decide the one.

maybe there is a better way to set this up??

Thanks again.

acomiskey · ‎02-23-2007

So when you rdp you are using the outside address of the firewall, which in turn translates to inside machine 192.168.x.1. If you want to rdp to 192.168.x.2, you will need to forward a different port or use another ip, not outside pix address.