Access Rules for RDP port mapped to a non-standard port.
Posted on 2008-11-17
We have a Cisco ASA 5510 and have multiple computers within our network that require RDP access. Rather than modify the registry to have each PC use a different RDP port, I would prefer to map different external ports to the standard RDP port within the network. To accomplish this, I used the following command:
static (inside,outside) tcp interface 3389 192.168.0.27 7000 netmask 255.255.255.255
I then added the following rule to the access rules:
access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000
I am still unable to connect, and when I run a packet trace it says the packet was dropped by rule, so my assumption is that the format of the access-list command is incorrect. This is basically the same process I've used to forward ports in the past when the external and translated ports are the same, so I'm not sure what I'm doing wrong.
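
An added example, not part of the original post: a small Python check that reads the posted lines and compares the port each static PAT exposes with the ports the outside ACL permits. It assumes the pre-8.3 ASA field order, static (real_if,mapped_if) tcp mapped_ip mapped_port real_ip real_port, and that the outside ACL is matched against the mapped port; the regexes, function names and the SWAPPED variant are constructed for illustration.

```python
import re

# Pre-8.3 ASA static PAT puts the mapped (outside) address/port first, then the real host/port:
#   static (real_if,mapped_if) {tcp|udp} {mapped_ip|interface} mapped_port real_ip real_port ...
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
# Only the ACL form used in the post is recognised (assumption: numeric ports, "any" source).
PERMIT_RE = re.compile(r"^access-list \S+ extended permit (tcp|udp) any interface (\w+) eq (\d+)")

def parse(config):
    """Return (forwards, permits) found in the config text."""
    forwards, permits = [], []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, proto, _mapped_ip, mapped_port, real_ip, real_port = m.groups()
            forwards.append((mapped_if, proto, int(mapped_port), real_ip, int(real_port)))
        elif m := PERMIT_RE.match(line):
            proto, iface, port = m.groups()
            permits.append((iface, proto, int(port)))
    return forwards, permits

def audit(config):
    """Compare the ports the statics expose with the ports the ACL permits."""
    forwards, permits = parse(config)
    exposed = {f[:3] for f in forwards}
    allowed = set(permits)
    findings = [f"{p}/{port} on {i}: static PAT has no matching permit"
                for i, p, port in sorted(exposed - allowed)]
    findings += [f"{p}/{port} on {i}: permit matches no static PAT"
                 for i, p, port in sorted(allowed - exposed)]
    return findings

# The three lines from the post.
POSTED = """
static (inside,outside) tcp interface 3389 192.168.0.27 7000 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000
"""
# Constructed variant: ports swapped so outside 7000 maps to 3389 on the host; TCP permit only.
SWAPPED = """
static (inside,outside) tcp interface 7000 192.168.0.27 3389 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq 7000
"""

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("swapped", SWAPPED)):
        print(name, parse(cfg)[0], audit(cfg) or "consistent")
```

Run over the posted lines, it reports that the static exposes TCP 3389 on the outside interface (forwarding to port 7000 on 192.168.0.27) while both permits are for port 7000, which is consistent with the packet trace showing a drop by rule.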