Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote desktop to a host behind an ASA Appliance

I want to remote desktop to a host behind ASA Firewall through Internet. My ASA Firewall connect to an Draytek Vigor Load Balancer. Please guide me how to config ASA Firewall for this.

Thanks & Best Regards

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Remote desktop to a host behind an ASA Appliance

There are coulple of ways of doing it, you could use spare public IP and assign it to your local server in the firewall to create a static nat.

e.g

Assume server IP: 192.168.1.1

Public IP: 30.30.30.1

static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

If do do not count with spared public IPs you could use outside interface to accomplish this as well.

e.g

Assume ASA outside interface IP is 30.30.30.1

static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

Rgds

Jorge

Re: Remote desktop to a host behind an ASA Appliance

Sang, glad it worked out.. could you rate post as resolved.

good luck and happy X-mas

Rgds

Jorge

4 REPLIES

Re: Remote desktop to a host behind an ASA Appliance

There are coulple of ways of doing it, you could use spare public IP and assign it to your local server in the firewall to create a static nat.

e.g

Assume server IP: 192.168.1.1

Public IP: 30.30.30.1

static (inside,outside) 30.30.30.1 192.168.1.1 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

If do do not count with spared public IPs you could use outside interface to accomplish this as well.

e.g

Assume ASA outside interface IP is 30.30.30.1

static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255

access-list out_access_in permit tcp any host 30.30.30.1 eq 3389

access-group out_access_in in interface outside

Rgds

Jorge

New Member

Re: Remote desktop to a host behind an ASA Appliance

Thanks for your solution!

But my problem is having no public IP. And my Draytek Vigor Load Balancer NAT all traffic incoming.

New Member

Re: Remote desktop to a host behind an ASA Appliance

@ Jorge: I've try with your solution and it's sucessful

Deeply thanks and Best Regards

Re: Remote desktop to a host behind an ASA Appliance

Sang, glad it worked out.. could you rate post as resolved.

good luck and happy X-mas

Rgds

Jorge

850
Views
0
Helpful
4
Replies