troubleshooting Question

Can't NAT RDP protocol through 2 ASA Firewalls

marksheeks asked on
I have (2) ASA Firewalls across a single site. The first NATs my public IP to private (call it zone 1) of while the second one routes between 172.16 and 10.0 (call this zone 2).
I want a public IP to NAT RDP 3389 traffic to an IP in zone 2; so it has to traverse both firewalls to do this. FW 1 has routes to the 10 network by going through FW2. So I'm wanting to go from public straight to zone 2. I added the NAT statement (call it to and did an allow ACL on the outside interface of FW1. The Packet tracer in ASDM shows that this works. On FW2 the ACL says anything from outside (172.16) can go to inside host and the packet tracer shows that it can. I can ping from hosts in 172.16 range to 10.0. range. But, when I RDP from outside and hit the NAT, the 10.0. host never responds. Can anyone tell me how to proceed troubleshooting this please? One interesting thing: when I add the public IP to the initial NAT rule, it tells me that I must use the interface name because apparently the outside interface on FW1 actually has this same IP assigned to it. Is this an issue and why? Thanks all! This is fairly urgent and I wish I could award more than 500. Small Visio attached shortly.
stretched silly admin.