Assuming the basic internet connectivity is fine and the server is offering the RDP service, it might be something to do with the translation. Do a "sh xlate" command and verify the translation. BTW, what OS is running on the PIX?
The server is offering RDP service. The server has an Internal and External NIC at present. I can successfully connect (via RDP) to the external NIC, and when I establish a VPN connection to the PIX, I can then connect to the internal NIC of the server.
I tried your "sh xlate" command along with "sh xlate interface outside", "sh xlate global Out.Ip.Add.116" and "sh xlate state static" and could only get "0 in use, 6 most used".
As I used the static command to map the outside to the inside IP address, I did a "sh static" and got "static (inside,outside) Out.IP.Add.116 Server netmask 255.255.255.255 0 0", which is the same as in the config.
Just to let you know: the PC I am using for the testing is behind a firewall, and hence NATing out to the Internet. I don't know if that makes any difference (I hope not, as I would guess that most external connections to this server will be NATed to get to the Internet).
Hope this information helps with diagnosing the problem.
"The server has an Internal and External NIC at present. I can successfully connect (via RDP) to the external NIC, and when I establish a VPN connection to the PIX, I can then connect to the internal NIC of the server."
If you do a "route print" on the Terminal Server, the default route will be out the "External NIC"; therefore the TCP session for the RDP connection will not be successful.
If you add a route to the server that routes the public IP address of the workstation you are testing this from to the inside interface of the PIX, then it will most likely work.
The way that you can test this would be to do the following:
access-list test permit tcp any host Server eq 3389
access-list test permit tcp host Server eq 3389 any
capture TEST access-list test interface inside
show capture TEST
(Capture names and access-list names are case sensitive.)
This will show you the "syn" go to the internal IP but nothing coming back.
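The routing behaviour described in the reply above, as an added example that is not part of the original thread: a simplified model of the dual-homed server's route lookup, showing which NIC the RDP reply leaves through before and after the suggested host route is added. All addresses are constructed placeholders from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder addresses; none of them come from the thread.
CLIENT_PUBLIC_IP = "198.51.100.25"  # NATed public address of the test workstation
PIX_INSIDE_GW = "192.168.1.1"       # PIX inside interface (assumed)
EXTERNAL_GW = "203.0.113.1"         # upstream gateway behind the external NIC (assumed)


def build_routes(host_route_via_pix=False):
    """Simplified 'route print' table for the dual-homed terminal server."""
    routes = [
        # (destination, gateway, interface, metric)
        ("0.0.0.0/0", EXTERNAL_GW, "external", 10),    # default route
        ("192.168.1.0/24", "on-link", "internal", 10),
        ("203.0.113.0/24", "on-link", "external", 10),
    ]
    if host_route_via_pix:
        # The fix suggested in the reply: send traffic for the tester's
        # public address back through the PIX inside interface.
        routes.append((CLIENT_PUBLIC_IP + "/32", PIX_INSIDE_GW, "internal", 1))
    return [(ipaddress.ip_network(n), gw, ifc, m) for n, gw, ifc, m in routes]


def select_route(routes, dst):
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


def rdp_return_path(routes, syn_arrived_on="internal"):
    """Where the SYN-ACK leaves the server for a SYN that came in via the PIX."""
    _, gateway, interface, _ = select_route(routes, CLIENT_PUBLIC_IP)
    # If the reply leaves on the other NIC it bypasses the PIX, is never
    # translated back to the static global address, and the handshake stalls.
    return {"egress": interface, "gateway": gateway,
            "symmetric": interface == syn_arrived_on}


if __name__ == "__main__":
    print("before:", rdp_return_path(build_routes()))
    print("after: ", rdp_return_path(build_routes(host_route_via_pix=True)))
```

The "before" result corresponds to the capture on the inside interface showing the SYN arrive with nothing coming back.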