Solved

Allow RDP 3389 through Cisco ASA5505

Posted on 2010-11-28
Last Modified: 2012-06-27
Hello,

I've checked around on here already, but couldn't get this to work. I need to get remote desktop forwarded through a Cisco ASA5505 with the software ASDM version 5.2 (3) and ASA version 7.2 (3); these versions were in the About section of the software.

Thanks.
J&S
Question by:jands
10 Comments
 
LVL 3

Expert Comment

by:lentinsun
ID: 34228310
Open port 3389 in the ASA firewall using an access-list. You can use the following command.
access-list (access-list no:) extended permit tcp any any eq 3389

and then place it on the appropriate interface (in case access-lists are already configured on the appropriate interface, just use that access-list number where I have written access-list no: in brackets).

Please make the necessary changes according to your requirements.

Good luck.
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 34228832
I agree with lentinsun. If there is no access-list that blocks your traffic (see logs), don't forget to check your NAT statement if nat-control is enabled.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 34229650
If you can post your current config we can give you all the exact commands. It is very difficult to do using the ASDM, but actually very simple using the command line. You can even use the ASDM's Command Line Tool, multiline command and we can give you the commands to copy/paste, submit, done.
0
 

Author Comment

by:jands
ID: 34229837
Should I just install Microsoft HyperTerminal and connect to it that way? I'm pretty sure it'll be the default config, as the ASDM looked pretty empty.
0
 
LVL 3

Expert Comment

by:lentinsun
ID: 34229934
If your firewall is connected to the network, you had better use PuTTY telnet (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html). It is a free tool.

access-list (access-list no:) extended permit tcp any any eq 3389 (create the access-list)
access-list (access-list no:) permit ip any any
Now access the interface where you want to put the access-list
access-group (access-list no:) in interface outside (placing the access-list on the suitable interface)


Please use an access-list number between 101 and 199, as this is an extended access-list.
0
 
LVL 79

Accepted Solution

by:lrmoore (earned 2000 total points)
ID: 34230018
The ASDM is fine. You don't have to worry about connecting a console cable/HyperTerminal or PuTTY.

If it is the default config, edit/copy/paste this into the Tools | Command Line Tool | Multiline command box.
Replace <IP of RDP Client> with the IP address of the PC you want to RDP to.

access-list outside_access_in permit tcp any interface outside eq 3389
static (inside,outside) tcp interface 3389 <IP of RDP Client> 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside

[Submit  ]

Done
0
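
A source-restricted variant of the accepted configuration, added here as an example and not part of lrmoore's answer: the posted access-list admits RDP from any address, while this one admits a single known remote address and then checks both cases with packet-tracer. The addresses 203.0.113.10 (allowed remote source), 198.51.100.7 (some other source), 192.0.2.1 (ASA outside address) and 192.168.1.10 (inside RDP host) are constructed placeholders.

```cisco
! --- As posted in the accepted answer: any source may reach RDP ---
! access-list outside_access_in permit tcp any interface outside eq 3389

! --- Restricted variant (constructed addresses, adjust to your site) ---
! Add the narrow entry first so the access-list never becomes empty,
! then remove the "any" entry if it was already applied.
access-list outside_access_in extended permit tcp host 203.0.113.10 interface outside eq 3389
no access-list outside_access_in extended permit tcp any interface outside eq 3389

! Port forward from the outside interface address to the inside RDP host
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255

! Bind the access-list to inbound traffic on the outside interface
access-group outside_access_in in interface outside

! --- Verification ---
! Entries and hit counters for the access-list
show access-list outside_access_in
! Confirm the static port translation is present
show running-config static
! Simulated connection from the allowed source: expected result "allow"
packet-tracer input outside tcp 203.0.113.10 1025 192.0.2.1 3389
! Simulated connection from any other source: expected result "drop"
! (implicit deny at the end of outside_access_in)
packet-tracer input outside tcp 198.51.100.7 1025 192.0.2.1 3389
```

The hit counter on the permit entry in `show access-list` rises only for connections from the allowed source, which makes unexpected RDP attempts visible in the deny logs rather than at the Windows logon prompt.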
 

Author Comment

by:jands
ID: 34230902
The only thing I've ever done on one of these devices is reset the password, using a Cisco support doc. The reason I mention this is because I'm not a command line Cisco guy. Do I need the commands in () as well? If someone could please just lay out exactly what needs to be inputted I would greatly appreciate it.

Thanks.
0
 
LVL 3

Expert Comment

by:lentinsun
ID: 34231105
Firewall# configure terminal
firewall(config)#access-list 110 extended permit tcp any any eq 3389
firewall(config)#access-list 110 permit ip any any
firewall(config)#interface (you should find out your outbound interface and put it after interface)
firewall(config-if)#access-group 110 in interface outside

You can find out your interfaces using the show interface command, like below

firewall#show interface

Good luck dude... hope this will help you... otherwise you can give ASDM a try. Revert back if you have any doubts...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 34231229
What is the IP address of the PC that you want to RDP to?
0
 

Author Closing Comment

by:jands
ID: 34233724
Perfect.  Thanks.
0


Question has a verified solution.
