Open RPC port on a ASA 5505

I am used to configure cisco PIX 501, but one of our customers bought a ASA 5505. The commands are quite similar so I thought that it won't be an issue configuring it.
Unfortunately I can access the internet or RPC from the server, but I can't access the server from the outside. I tried RPC or even port 25 is not responsive.
I am not sure if there is an extra line I need to add for the ASA 5505. I even checked the APDM, and there it shows that the links are down on the outside and inside interface, even if there is some internet traffic. If I check the rules there every thing seems to be fine. Could some one have a look at my configuration and tell me if I am missing something? x.x.x.x is the server address on the outside interface and y.y.y.y is the gateway
thanks
!
ASA Version 7.2(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.150.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list acl_out extended permit icmp any any echo-reply
access-list acl_out extended permit tcp any host x.x.x.x eq 3389
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
tatic (inside,outside) tcp x.x.x.x 3389 192.168.150.5 3389 netmask 255.25
5.255.255
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 y.y.y.y 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.150.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.150.10-192.168.150.41 inside
dhcpd enable inside
!
 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:36c76ca5be5e7261eb0913fdbc800e2b

Open in new window

odewulfPresidentAsked:
Who is Participating?
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
What port are you trying to contact the server on?
Looking at the config you have 3389 RDP? is that what you are trying to do?

do this

conf t
no access-list acl_out extended permit tcp any host x.x.x.x eq 3389
no access-list acl_out extended permit icmp any any echo-reply
no access-group acl_out in interface outside
access-list inbound permit tcp any interface outside eq 3389
access-group inbound in interface outside
static (inside,outside) tcp interface 3389 x.x.x.x 3389 netmask 255.255.255.255
write mem

OK now we will sort out icmp.............

policy-map global_policy
class inspection_default
inspect icmp
exit
exit
write mem
clear xlate


now try again :)





0
 
odewulfPresidentAuthor Commented:
Thanks I am going to try that this afternoon.
I was trying to open a few more ports that just RDP, but for the example RDP was enough. I will do the same for the other port and let you how it goes
thanks again
0
 
Pete LongTechnical ConsultantCommented:
0
 
odewulfPresidentAuthor Commented:
Thanks again it worked perfectly now. The only issue I still have left is that now the users can't connect using the windows VPN. It is trying to connect but then I get the error 800. I am going to check for that
0
 
Pete LongTechnical ConsultantCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.