Access Rules for RDP port mapped to a non-standard port.

We have a Cisco ASA 5510 and have multiple computers within our network that require RDP access.  Rather than modify the registry to have each PC use a different RDP port I would prefer to map different external ports to the standard RDP port within the network.  To accomplish this I used the following command:

static (inside,outside) tcp interface 3389 192.168.0.27 7000 netmask 255.255.255.255

I then added the following rule to the access rules:

access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000

I am still unable to connect and when I run a packet trace it says the packet was dropped by rule, so my assumption is that the format of the access-list command is incorrect.  This is basically the same process I've used to forward ports in the past when the external and translated port are the same, so I'm not sure what I'm doing wrong.
Kavalleri Asked:

Steve, Network Manager, Commented:
Try this:

static (inside,outside) tcp externalIP 3389 192.168.0.27 7000 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host externalIP eq 7000

oztrodamus Commented:
If PsychoFelix's answer doesn't work I would then look at your access-list and make sure nothing preceding your new entries conflicts.

batry_boy Commented:
This is the correct syntax:

static (inside,outside) tcp interface 7000 192.168.0.27 3389 netmask 255.255.255.255

Your access list statements as you originally posted them are correct:

access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000
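The check below is an added example, not part of any post in this thread: a small Python linter that cross-checks each outside permit against the mapped port of a static PAT entry, which is the mismatch the accepted answer corrects. It assumes the pre-8.3 `static` syntax and numeric ports used in the thread; the function name `lint` and the sample strings are constructed for illustration.

```python
import re

# Pre-8.3 static PAT order:
#   static (real_if,mapped_if) proto MAPPED_ip MAPPED_port REAL_ip REAL_port
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)\b")
# Permit entries in the form used in this thread: permit proto any <dest> eq PORT
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit (tcp|udp) any "
    r"(interface \w+|host \S+) eq (\d+)\b")

def lint(config):
    """Return findings for permits that match no static PAT mapped port."""
    statics, permits = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append({"proto": m[3], "mapped_port": int(m[5]),
                            "real_ip": m[6], "real_port": int(m[7])})
        elif m := ACL_RE.match(line):
            permits.append((m[2], int(m[4])))
    findings = []
    for proto, port in permits:
        if any(s["proto"] == proto and s["mapped_port"] == port for s in statics):
            continue  # permit lines up with a translation
        swapped = [s for s in statics
                   if s["proto"] == proto and s["real_port"] == port]
        if swapped:
            s = swapped[0]
            findings.append(
                f"{proto}/{port} permitted, but it is the REAL port of the static "
                f"for {s['real_ip']} (mapped port {s['mapped_port']}): ports swapped?")
        else:
            findings.append(f"{proto}/{port} permitted but no {proto} static uses it")
    return findings

# Constructed from the commands quoted in this thread.
ASKED = """\
static (inside,outside) tcp interface 3389 192.168.0.27 7000 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000
"""
FIXED = ASKED.replace("interface 3389 192.168.0.27 7000",
                      "interface 7000 192.168.0.27 3389")

if __name__ == "__main__":
    for name, cfg in (("as asked", ASKED), ("corrected", FIXED)):
        print(name, lint(cfg))
```

With the corrected static, the TCP permit matches; the UDP permit is still reported because the thread defines only a `tcp` static for port 7000.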

Kavalleri (Author) Commented:
This led me down the right path.  Thanks so much!