Jamist

Cisco ASA 5505 Remote Desktop setup on Port 3389

I would like to set up a Cisco ASA 5505 to allow access to a Terminal Server.
The firewall is connected to the internet and the Terminal Server is connected and has access to the internet.
I have confirmed that the firewall is receiving packets on port 3389.
My Terminal Server is accepting connections and working from inside the network.
I am running ASA Version 8.4(2) on the firewall.
My Inside interface is 192.168.1.1/24
My Outside interface is 10.10.10.3
My Terminal Server is 192.168.1.5

I believe I need to first create an Access Rule
Then create a NAT entry to port forward to the Terminal server.

I can use either the GUI or the command line entry (within the GUI) to configure the firewall.
Many thanks for any help.
SuperTaco

You are correct. The easiest way is to use the GUI. Is the 10.10.10.3 interface a made-up IP? That generally is not a public IP. It won't work if 10.10.10.3 is your public. Create a NAT rule and access rule using ASDM. Here are some examples:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807d287e.shtml
Jamist

ASKER

The outside interface 10.10.10.3 is not my public IP, but provided by my Internet router.

I have previously unsuccessfully followed the examples in the link above. I am sure I am making a simple mistake, but cannot find it.

I have found command line examples that would have worked except they were written for ASA 8.2, and are not compatible with the ASA 8.4 I am running.

OK, so there will be no NAT working there since you're using 2 private IPs. You need to use the ISP router's subnet, or use a public IP address.
SOLUTION
shukalo83

This solution is only available to members.
Jamist

ASKER

I have accessed the firewall via Telnet from the inside of the network. I have tried entering the commands in various ways and cannot get it to work. In between each attempt I restore the firewall to a fresh install.

I do not get any error messages, just the next prompt line after entering each command.

None of the changes are reflected anywhere when I examine the config afterwards using ASDM.

Should I be in 'configure terminal' mode for the first part, access-lists part or both?  I have tried this but again it did not work.

Thank you

Jamist

ASKER

Correction: I can see in ASDM that Network object TermServer has been created as Host with IP 192.168.1.5,
but no NAT entry has been created; I am assuming one should have been.

I have successfully created the access lists via the command line of ASDM. Still not working and no hits showing for the access rule.

I am still receiving 3389 traffic to my outside interface of 10.10.10.3, they just do not appear to be going anywhere.
ASKER CERTIFIED SOLUTION
lwalcher

This solution is only available to members.
Jamist

ASKER

Thank you lwalcher, your config was virtually correct. I had to make the following minor changes but the remote desktop connection is now working. By using the Public Servers feature, the access list and NAT rules were created automatically. I will now examine them and learn to create them manually using command line.

The NAT from the router was already set up, but I had to change the translated address to 10.10.10.2 in order for everything to work.

Private Interface: inside
Private IP Address: TermServer1 (ASDM only accepts a network object. This network object was created following the earlier post; it is a host with IP of 192.168.1.5)
Service: tcp/3389
Public Interface: outside
Public IP Address: 10.10.10.2 (This was changed to 10.10.10.2 as ASDM did not like it being the same IP as the outside interface; the router NAT was changed to point at 10.10.10.2)

Cool! Glad it worked. There is a great feature in ASDM that you can use to easily see the text commands of any changes you make before committing them. It can also serve as a "poor man's configuration management" tool if you save off the changes somewhere every time you make them.

Just go to Tools->Preferences->General tab and check the box "Preview commands before sending them to the device."

Have fun!
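
A hand-written equivalent of the working setup in ASA 8.3+ syntax, added here as an example and not taken from any post in this thread (the members-only solutions are not visible). It uses the thread's addresses and the object name TermServer1; the ACL name outside_access_in and the permitted source range 203.0.113.0/24 are assumptions.

```cisco
! Added example for ASA 8.3+ syntax; enter in global configuration mode
! (enable, then configure terminal).
!
! Host object for the Terminal Server, with object NAT that forwards only
! tcp/3389 arriving on the mapped address 10.10.10.2 to the real host.
object network TermServer1
 host 192.168.1.5
 nat (inside,outside) static 10.10.10.2 service tcp 3389 3389
!
! From 8.3 onward the access rule matches the real (inside) address, not the
! mapped one. The source 203.0.113.0/24 is a constructed placeholder for the
! networks that are allowed to connect; the ACL name is an assumption.
access-list outside_access_in extended permit tcp 203.0.113.0 255.255.255.0 object TermServer1 eq 3389
access-group outside_access_in in interface outside
!
! Checks from privileged EXEC mode (not configuration mode):
!   show nat detail
!   show access-list outside_access_in
!   packet-tracer input outside tcp 203.0.113.10 50000 10.10.10.2 3389
```

The hit counter in `show access-list` shows whether forwarded traffic is matching the rule, and `packet-tracer` reports which NAT and access-list phases a test packet passes or fails. As in the thread, the upstream router still has to forward tcp/3389 to 10.10.10.2.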