Solved

Access Rules for RDP port mapped to a non-standard port.

Posted on 2008-11-17
Last Modified: 2012-06-21
We have a Cisco ASA 5510 and have multiple computers within our network that require RDP access.  Rather than modify the registry to have each PC use a different RDP port I would prefer to map different external ports to the standard RDP port within the network.  To accomplish this I used the following command:

static (inside,outside) tcp interface 3389 192.168.0.27 7000 netmask 255.255.255.255

I then added the following rule to the access rules:

access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000

I am still unable to connect and when I run a packet trace it says the packet was dropped by rule, so my assumption is that the format of the access-list command is incorrect.  This is basically the same process I've used to forward ports in the past when the external and translated port are the same, so I'm not sure what I'm doing wrong.
Question by:Kavalleri
4 Comments
 
LVL 12

Expert Comment

by:Steve
ID: 22983378
Try this:

static (inside,outside) tcp externalIP 3389 192.168.0.27 7000 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host externalIP eq 7000
 
LVL 7

Expert Comment

by:oztrodamus
ID: 22983669
If PsychoFelix's answer doesn't work I would then look at your access-list and make sure nothing preceding your new entries conflicts.
 
LVL 28

Accepted Solution

by:
batry_boy earned 2000 total points
ID: 22983726
This is the correct syntax:

static (inside,outside) tcp interface 7000 192.168.0.27 3389 netmask 255.255.255.255

Your access list statements as you originally posted them are correct:

access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000
 
LVL 1

Author Closing Comment

by:Kavalleri
ID: 31517763
This led me down the right path.  Thanks so much!
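An added example, not part of the original thread: a small Python check that every static PAT line has an access-list permit on its mapped (outside-facing) port, run against the configuration from the question and the one from the accepted solution. It assumes the static syntax used on this page (mapped address and port first, then real address and port) and only the two ACL shapes shown here; the function name audit is hypothetical.

```python
import re

# static (real_if,mapped_if) proto mapped_addr mapped_port real_ip real_port ...
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)\b")
# Only the ACL shapes seen on this page:
#   ... permit <proto> any interface <if> eq N   /   ... any host <ip> eq N
ACL_RE = re.compile(
    r"^access-list \S+ extended permit (tcp|udp) any "
    r"(?:interface (\w+)|host (\S+)) eq (\d+)\b")

# Configuration as posted in the question (mapped and real ports swapped).
ORIGINAL = """\
static (inside,outside) tcp interface 3389 192.168.0.27 7000 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq 7000
access-list outside_access_in extended permit udp any interface outside eq 7000
"""
# Configuration from the accepted solution.
CORRECTED = ORIGINAL.replace("interface 3389 192.168.0.27 7000",
                             "interface 7000 192.168.0.27 3389")

def audit(config):
    """One finding per static PAT: (status, proto, mapped_port, real_ip, real_port)."""
    statics, permits = [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := ACL_RE.match(line):
            proto, ifc, host, port = m.groups()
            permits.add((proto, ifc or host, int(port)))
    findings = []
    for _real_if, mapped_if, proto, mapped_addr, mport, real_ip, rport in statics:
        # "interface" in a static line means the mapped interface's own address
        target = mapped_if if mapped_addr == "interface" else mapped_addr
        status = "ok" if (proto, target, int(mport)) in permits else "no-acl"
        findings.append((status, proto, int(mport), real_ip, int(rport)))
    return findings

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for status, proto, mport, real_ip, rport in audit(cfg):
            print(f"{name}: {proto}/{mport} -> {real_ip}:{rport} [{status}]")
```

A "no-acl" finding on the original configuration shows the mismatch behind the packet-trace drop: the static line publishes port 3389 on the outside interface while the access list permits 7000.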