Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote Desktop to server via ASA 5505

Need to configure ASA 5505 to allow remote desktop session from Internet (outside) to server on inside interface.

DSL modem is in bridge mode. I have a single live IP configured on outside interface (it's the only live IP I have for that site...leased from Embarq). I've enabled static translation from outside ip to inside ip on server (10.7.0.1). Do not have router on inside interface...all hosts within LAN have default gw set to inside int on 5505 (10.7.254.1). Config is below:

interface Vlan1

nameif inside

security-level 100

ip address 10.7.254.1 255.255.0.0

interface Vlan2

nameif outside

security-level 0

ip address 65.x.x.26 255.255.255.128

interface Ethernet0/0

switchport access vlan 2

access-list outside_int extended permit ip 165.x.x.0 255.255.255.0 host 65.x.x.26

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 65.x.x.26 10.7.0.1 netmask 255.255.255.255

access-group outside_int in interface outside

route outside 0.0.0.0 0.0.0.x.x.162.1 1

telnet 10.0.0.0 255.0.0.0 inside

telnet 165.x.x.0 255.255.255.0 outside

I've tried so many variations on above config based on example documentation found online and nothing has worked. Any ideas what might be wrong?

7 REPLIES

Re: Remote Desktop to server via ASA 5505

have you try static PAT specifying the RDP tcp port.

e.g

static (inside,outside) tcp 65.174.162.26 3389 10.7.0.1 3389 netmask

255.255.255.255

and create access-list allowin TCP 3389 any from outside to inside host 10.7.0.1

see if that works.

Jorge

New Member

Re: Remote Desktop to server via ASA 5505

Unfortunately, your suggestions did not allow access to the internal server.

I'm curious if anyone can confirm that since we only have a single live IP (that is assigned to the outside interface on the 5505), is it possible to use that same live ip to attempt communication to an internal server using tcp port 3389? Or, would that require an additional IP address?

Thank you for your suggestions.

New Member

Re: Remote Desktop to server via ASA 5505

Yes it is possible I have a pix on my dsl connection and have setup a webserver and when you hit my external public IP my config redirects an port 80 traffic to my internal web server.

This is done just like Jorge described, if it is not working either post the config following his template here for review and/or look a bit deeper to make sure all the other pieces are correct like the server.

New Member

Re: Remote Desktop to server via ASA 5505

Change your static (inside,outside).... command to

static (inside,outside) tcp interface 3389 192.168.20.15 3389 netmask 255.255.255.255

Using the interface key word works where using the ip address of the same interface doesn't. I had the same problem.

New Member

Re: Remote Desktop to server via ASA 5505

That worked! I have no idea why but I'm not going to complain. I'm just happy to finally see some success.

Using "interface" instead of the external ip address in the static translation statement solved the problem. I'm now able to remotely manage this server. Thanks for the advice!

Gold

Re: Remote Desktop to server via ASA 5505

to be consistent you should also change your acl entry to:

access-list outside_int extended permit ip 165.x.x.0 255.255.255.0 interface outside

Re: Remote Desktop to server via ASA 5505

Something I have learned today in this particular case !

2270
Views
9
Helpful
7
Replies