Access Rules for RDP port mapped to a non-standard port.

We have a Cisco ASA 5510 and have multiple computers within our network that require RDP access.  Rather than modify the registry to have each PC use a different RDP port I would prefer to map different external ports to the standard RDP port within the network.  To accomplish this I used the following command:

static (inside,outside) tcp interface 3389 192.168.0.27 7000 netmask 255.255.255.255

I then added the following rule to the access rules:

access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000

I am still unable to connect and when I run a packet trace it says the packet was dropped by rule, so my assumption is that the format of the access-list command is incorrect.  This is basically the same process I've used to forward ports in the past when the external and translated port are the same, so I'm not sure what I'm doing wrong.
Kavalleri Asked:
 
batry_boy Commented:
This is the correct syntax:

static (inside,outside) tcp interface 7000 192.168.0.27 3389 netmask 255.255.255.255

Your access list statements as you originally posted them are correct:

access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000
0
 
Steve (Network Manager) Commented:
Try this:

static (inside,outside) tcp externalIP 3389 192.168.0.27 7000 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host externalIP eq 7000
0
 
oztrodamus Commented:
If PsychoFelix's answer doesn't work I would then look at your access-list and make sure nothing preceding your new entries conflicts.
0
 
Kavalleri (Author) Commented:
This led me down the right path.  Thanks so much!
0
Question has a verified solution.
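
The port-order mistake in this thread can be caught offline before a config is pasted into the firewall. The following is an added example, not part of any post above: a small checker for pre-8.3 `static` PAT lines that assumes the inside host listens on the standard RDP port (3389) and only understands the simple ACL form quoted in the thread; the function name `audit` and the status labels are hypothetical.

```python
import re

# Pre-8.3 ASA static PAT argument order:
#   static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port
STATIC_RE = re.compile(
    r"static \((\w+),(\w+)\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
# Only the simple "permit proto src dst eq port" ACL form used in this thread.
ACL_RE = re.compile(
    r"access-list \S+ extended permit (tcp|udp) (?:any|host \S+) "
    r"(interface \w+|host \S+) eq (\d+)")

def audit(config, service_port=3389):
    """Return [(mapped_port, real_ip, real_port, status)] per static PAT line."""
    statics, permits = [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := ACL_RE.match(line):
            permits.add((m[1], m[2], int(m[3])))
    findings = []
    for _real_if, mapped_if, proto, mapped_ip, mport, real_ip, rport in statics:
        mport, rport = int(mport), int(rport)
        # Pre-8.3 ACLs match the mapped (outside) address and port.
        dst = (f"interface {mapped_if}" if mapped_ip == "interface"
               else f"host {mapped_ip}")
        if rport != service_port:
            status = "swapped"   # inside host is not listening on real_port
        elif (proto, dst, mport) not in permits:
            status = "no-acl"    # translation is right, nothing permits it
        else:
            status = "ok"
        findings.append((mport, real_ip, rport, status))
    return findings

# Constructed inputs, assembled from the lines quoted in the thread.
ACL = ("access-list outside_access_in extended permit tcp any "
       "interface outside eq 7000\n")
QUESTION = ("static (inside,outside) tcp interface 3389 192.168.0.27 7000 "
            "netmask 255.255.255.255\n" + ACL)
ANSWER = ("static (inside,outside) tcp interface 7000 192.168.0.27 3389 "
          "netmask 255.255.255.255\n" + ACL)

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION), ("answer", ANSWER)):
        print(name, audit(cfg))
```
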
