Can't NAT RDP protocol through 2 ASA Firewalls
Posted on 2009-12-16
I have (2) ASA Firewalls across a single site. The first NATs my public IP to private (call it zone 1) of 172.16.0.0 while the second one routes between 172.16 and 10.0 (call this zone 2).
I want a public IP to NAT RDP 3389 traffic to an IP in zone 2; so it has to traverse both firewalls to do this. FW 1 has routes to the 10 network by going through FW2. So I'm wanting to go from public straight to zone 2. I added the NAT statement (call it 22.214.171.124 to 10.0.0.23) and did an allow ACL on the outside interface of FW1. The Packet tracer in ASDM shows that this works. On FW2 the ACL says anything from outside (172.16) can go to inside host 10.0.0.23 and the packet tracer shows that it can. I can ping from hosts in 172.16 range to 10.0. range. But, when I RDP from outside and hit the NAT, the 10.0. host never responds. Can anyone tell me how to proceed troubleshooting this please? One interesting thing: when I add the public IP to the initial NAT rule, it tells me that I must use the interface name because apparently the outside interface on FW1 actually has this same IP assigned to it. Is this an issue and why? Thanks all! This is fairly urgent and I wish I could award more than 500. Small Visio attached shortly.
stretched silly admin.
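The two-firewall layout described in the question, written out as an added configuration example (this is not the poster's config or a vendor document). It assumes pre-8.3 ASA syntax, which matches the 2009 date, interface names `inside`/`outside` on both boxes, ACL names `outside_access_in`, and constructed next-hop addresses 172.16.0.1 (FW1 inside) and 172.16.0.2 (FW2 outside); only 22.214.171.124 and 10.0.0.23 come from the post. Two points it illustrates: the ASA refuses a plain static that reuses the outside interface's own address, and the supported form is a static PAT with the `interface` keyword; and because FW1 rewrites only the destination, packets reach FW2 carrying the original Internet source address, so an FW2 ACL restricted to 172.16 sources will silently drop them even though packet-tracer with a 172.16 source passes.

```cisco
! --- FW1: public <-> 172.16.0.0/16 (interface names and next hop assumed) ---
! A static that reuses the outside interface IP is rejected; a port-restricted
! static PAT on the interface address forwards only TCP/3389 to 10.0.0.23.
static (inside,outside) tcp interface 3389 10.0.0.23 3389 netmask 255.255.255.255
! Pre-8.3 ACLs match the mapped (public) address, not the real 10.0.0.23.
access-list outside_access_in extended permit tcp any host 22.214.171.124 eq 3389
access-group outside_access_in in interface outside
! FW1 must reach 10.0.0.0/8 through FW2 (next hop constructed for this example).
route inside 10.0.0.0 255.0.0.0 172.16.0.2

! --- FW2: 172.16.0.0/16 <-> 10.0.0.0/8 ---
! With nat-control on, an inside host is unreachable from a lower-security
! interface without a translation; an identity static exposes it unchanged.
static (inside,outside) 10.0.0.23 10.0.0.23 netmask 255.255.255.255
! Source address is NOT rewritten by FW1, so permit the real client sources here,
! not just 172.16.0.0/16; keep it to the single host and port that are needed.
access-list outside_access_in extended permit tcp any host 10.0.0.23 eq 3389
access-group outside_access_in in interface outside
! Return path: replies to Internet addresses must go back through FW1.
route outside 0.0.0.0 0.0.0.0 172.16.0.1

! --- Verification, run on each ASA while a client attempts RDP ---
show xlate | include 10.0.0.23
show conn address 10.0.0.23
capture rdp interface inside match tcp any host 10.0.0.23 eq 3389
show capture rdp
```

If `show xlate` on FW1 shows the translation and `show conn` shows the connection in SYN state but the FW2 capture never sees the SYN on its inside interface, the drop is on FW2 (ACL or missing translation); if the SYN reaches 10.0.0.23 but no SYN/ACK returns, the host's own route or Windows firewall is the next thing to check.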